Windows Analysis Report
25690.01808D.msi

Overview

General Information

Sample name: 25690.01808D.msi
Analysis ID: 1423764
MD5: 2b0155bffc9d2c3b1607557e50843049
SHA1: 02678061f63f0bb0bb8155f8b54a13c9fe39cf0e
SHA256: 70492103fe59217c37a64ab3bbf7d53498822d6b167f8fe1c5dbcd250a115f51
Tags: msi
Infos:

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Bypasses PowerShell execution policy
Query firmware table information (likely to detect VMs)
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Suspicious MsiExec Embedding Parent
Tries to load missing DLLs
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

  • System is w10x64
  • msiexec.exe (PID: 5840 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\25690.01808D.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7124 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6172 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 7AEE77A2D687777A7B17D9BDC9CFF799 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • powershell.exe (PID: 4416 cmdline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue." MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 2888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Vo8hgf.exe (PID: 6412 cmdline: "C:\ProgramData\BlueStacksXL\Vo8hgf.exe" MD5: FB8B69DA795B160D022AA663B17B2AD7)
          • tasklist.exe (PID: 4536 cmdline: tasklist /FI "IMAGENAME eq gbpsv.exe" MD5: 0A4448B31CE7F83CB7691A2657F330F1)
            • conhost.exe (PID: 6348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • tasklist.exe (PID: 7044 cmdline: tasklist /FI "IMAGENAME eq core.exe" MD5: 0A4448B31CE7F83CB7691A2657F330F1)
            • conhost.exe (PID: 5064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • tasklist.exe (PID: 6588 cmdline: tasklist /FI "IMAGENAME eq RapportService.exe" MD5: 0A4448B31CE7F83CB7691A2657F330F1)
            • conhost.exe (PID: 4980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • tasklist.exe (PID: 4164 cmdline: tasklist /FI "IMAGENAME eq RapportMgmtService.exe" MD5: 0A4448B31CE7F83CB7691A2657F330F1)
            • conhost.exe (PID: 6044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • tasklist.exe (PID: 3160 cmdline: tasklist /FI "IMAGENAME eq scpbradguard.exe" MD5: 0A4448B31CE7F83CB7691A2657F330F1)
            • conhost.exe (PID: 5068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source: C:\Users\user\Pictures\Screenshots\AStGGHNIlm.jpg
Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive
Description: Detects images embedding archives. Observed in TheRat RAT.
Author: ditekSHen
Strings:
  • 0x3555:$zipwopass: 50 4B 03 04 14 00 00 00

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 7AEE77A2D687777A7B17D9BDC9CFF799, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6172, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 4416, ProcessName: powershell.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 7AEE77A2D687777A7B17D9BDC9CFF799, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6172, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 4416, ProcessName: powershell.exe
Source: Process startedAuthor: frack113: Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 7AEE77A2D687777A7B17D9BDC9CFF799, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6172, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 4416, ProcessName: powershell.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 7AEE77A2D687777A7B17D9BDC9CFF799, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6172, ParentProcessName: msiexec.exe, ProcessCommandLine: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue.", ProcessId: 4416, ProcessName: powershell.exe
No Snort rule has matched

AV Detection

Source: http://pesterbdd.com/images/Pester.png URL Reputation: Label: malware
Source: C:\ProgramData\BlueStacksXL\d3dcompiler_47.dll ReversingLabs: Detection: 21%
Source: C:\ProgramData\BlueStacksXL\d3dcompiler_47.dll Virustotal: Detection: 17%
Source: Vo8hgf.exe, 00000006.00000002.2085681517.0000000067C02000.00000004.00000001.01000000.0000000B.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_3ed242a8-c
Source: Binary string: C:\code\robusta-launcher\Library\BLauncher\release\BLauncher.pdbKK source: Vo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: d:\agent\_work\4\s\\binaries\x86ret\bin\i386\\msvcp140_1.i386.pdb source: Vo8hgf.exe, Vo8hgf.exe, 00000006.00000002.2083991650.00000000674F1000.00000020.00000001.01000000.00000011.sdmp
Source: Binary string: C:\code\robusta-launcher\Library\UIControl\release\UIControl.pdbhh source: Vo8hgf.exe, 00000006.00000002.2087662827.000000006864F000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: 25690.01808D.msi, MSI6A90.tmp.1.dr, MSI5FA2.tmp.1.dr
Source: Binary string: C:\code\robusta-launcher\Library\UIControl\release\UIControl.pdb source: Vo8hgf.exe, 00000006.00000002.2087662827.000000006864F000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: d:\agent\_work\4\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: Vo8hgf.exe, Vo8hgf.exe, 00000006.00000002.2084405181.0000000067551000.00000020.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: Vo8hgf.exe, 00000006.00000002.2084960658.00000000679E6000.00000002.00000001.01000000.0000000C.sdmp, Qt5Core.dll.1.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: Vo8hgf.exe, 00000006.00000002.2085637728.0000000067BC2000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbU source: Vo8hgf.exe, 00000006.00000002.2084960658.00000000679E6000.00000002.00000001.01000000.0000000C.sdmp, Qt5Core.dll.1.dr
Source: Binary string: C:\code\robusta-launcher\Library\BLauncher\release\BLauncher.pdb source: Vo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: Vo8hgf.exe, 00000006.00000002.2086349017.0000000067F89000.00000002.00000001.01000000.0000000A.sdmp, Qt5Gui.dll.1.dr
Source: Binary string: C:\Users\qt\work\qt\qtwebchannel\lib\Qt5WebChannel.pdb source: Qt5WebChannel.dll.1.dr
Source: Binary string: C:\Users\qt\work\qt\qtwebchannel\lib\Qt5WebChannel.pdb(( source: Qt5WebChannel.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: 25690.01808D.msi
Source: Binary string: C:\code\rundir\qt\release\Cloud Game.pdb source: Vo8hgf.exe, 00000006.00000000.2065960204.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe, 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe.1.dr
Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb,, source: Vo8hgf.exe, 00000006.00000002.2084286192.0000000067527000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbl source: 25690.01808D.msi
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: Vo8hgf.exe, 00000006.00000002.2087005196.0000000068481000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: 25690.01808D.msi, MSI5EA5.tmp.1.dr, MSI5E36.tmp.1.dr, MSI5D0C.tmp.1.dr, MSI5F15.tmp.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb_ source: 25690.01808D.msi, MSI6A90.tmp.1.dr, MSI5FA2.tmp.1.dr
Source: Binary string: d:\agent\_work\4\s\\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: Vo8hgf.exe, Vo8hgf.exe, 00000006.00000002.2084523629.0000000067571000.00000020.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: Vo8hgf.exe, 00000006.00000002.2084286192.0000000067527000.00000002.00000001.01000000.00000010.sdmp
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exeCode function: 6_2_0148E780 CreateFileW,DeviceIoControl,FindFirstFileExW,FindClose,SetLastError,SetLastError,6_2_0148E780
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exeCode function: 6_2_0148EC10 FindFirstFileExW,FindClose,6_2_0148EC10
Source: Vo8hgf.exe, 00000006.00000000.2065960204.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe, 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: enable-chrome-runtimeLOCALAPPDATA/cache/cef/Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 BSX/0.12.1.3/image/cef_browser_loading.gif/image/cef_browser_loading.svgLoading game. Please wait...https://accounts.google.com/o/oauth2/v2/authhttps://www.facebook.com/login.phphttps://discord.com/oauth2/authorize,K equals www.facebook.com (Facebook)
Source: Vo8hgf.exe, 00000006.00000002.2085637728.0000000067BC2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: g04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1email.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06www.google.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3login.yahoo.com39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:293e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47login.skype.com92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43addons.mozilla.orgb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0login.live.comd8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0global trustee05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56*.google.com0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Root CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Services CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services 1024 CA0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Root CA G2a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21CertiID Enterprise Certificate Authority5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Qualified CA46:9c:2c:b007:27:10:0dDigiNotar Cyber CA07:27:0f:f907:27:10:0301:31:69:b0DigiNotar PKIoverheid CA Overheid en Bedrijven01:31:34:bfDigiNotar PKIoverheid CA Organisatie - G2d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar Extended Validation CA1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Public CA 202546:9c:2c:af46:9c:3c:c907:27:14:a9Digisign Server ID (Enrich)4c:0e:63:6aDigisign Server ID - (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0UTN-USERFirst-Hardware41MD5 Collisions Inc. (http://www.phreedom.org/md5)08:27*.EGO.GOV.TR08:64e-islem.kktcmerkezbankasi.org03:1d:a7AC DG Tr equals www.yahoo.com (Yahoo)
Source: Vo8hgf.exe.1.drString found in binary or memory: h@XIE i@enable-chrome-runtimeLOCALAPPDATA/cache/cef/Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 BSX/0.12.1.3/image/cef_browser_loading.gif/image/cef_browser_loading.svgLoading game. Please wait...https://accounts.google.com/o/oauth2/v2/authhttps://www.facebook.com/login.phphttps://discord.com/oauth2/authorize,KE equals www.facebook.com (Facebook)
Source: Vo8hgf.exe, Vo8hgf.exe, 00000006.00000000.2065960204.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe, 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe.1.drString found in binary or memory: https://www.facebook.com/login.php equals www.facebook.com (Facebook)
Source: Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drString found in binary or memory: http://aia.entrust.net/evcs2-chain.p7c01
Source: Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drString found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
Source: Vo8hgf.exe, 00000006.00000002.2085637728.0000000067BC2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://bugreports.qt.io/
Source: Vo8hgf.exe, 00000006.00000002.2085637728.0000000067BC2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://bugreports.qt.io/_q_receiveReplyensureClientPrefaceSentMicrosoft-IIS/4.Microsoft-IIS/5.Netsca
Source: Vo8hgf.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Vo8hgf.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Vo8hgf.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Vo8hgf.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drString found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drString found in binary or memory: http://crl.entrust.net/csbr1.crl0
Source: Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drString found in binary or memory: http://crl.entrust.net/evcs2.crl0
Source: Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drString found in binary or memory: http://crl.entrust.net/g2ca.crl0
Source: Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drString found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: Vo8hgf.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Vo8hgf.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Vo8hgf.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Vo8hgf.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Vo8hgf.exe.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: powershell.exe, 00000004.00000002.2181609752.0000000005836000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: Vo8hgf.exe.1.drString found in binary or memory: http://ocsp.digicert.com0
Source: Vo8hgf.exe.1.drString found in binary or memory: http://ocsp.digicert.com0A
Source: Vo8hgf.exe.1.drString found in binary or memory: http://ocsp.digicert.com0C
Source: Vo8hgf.exe.1.drString found in binary or memory: http://ocsp.digicert.com0X
Source: Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drString found in binary or memory: http://ocsp.entrust.net00
Source: Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drString found in binary or memory: http://ocsp.entrust.net01
Source: Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drString found in binary or memory: http://ocsp.entrust.net02
Source: Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drString found in binary or memory: http://ocsp.entrust.net03
Source: powershell.exe, 00000004.00000002.2178968735.0000000004926000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000004.00000002.2178968735.00000000047D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Vo8hgf.exe, 00000006.00000002.2086349017.0000000067F89000.00000002.00000001.01000000.0000000A.sdmp, Qt5Gui.dll.1.drString found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: powershell.exe, 00000004.00000002.2178968735.0000000004926000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: Vo8hgf.exe, 00000006.00000002.2086349017.0000000067F89000.00000002.00000001.01000000.0000000A.sdmp, Qt5Gui.dll.1.drString found in binary or memory: http://www.color.org)
Source: Vo8hgf.exe.1.drString found in binary or memory: http://www.digicert.com/CPS0
Source: Qt5Gui.dll.1.drString found in binary or memory: http://www.entrust.net/rpa0
Source: Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drString found in binary or memory: http://www.entrust.net/rpa03
Source: Vo8hgf.exe, 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.google.com/images/icons/product/search-16.gif
Source: Vo8hgf.exe, 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.google.com/images/icons/product/search-32.gif
Source: Vo8hgf.exe, 00000006.00000002.2085637728.0000000067BC2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.phreedom.org/md5)
Source: Vo8hgf.exe, 00000006.00000002.2085637728.0000000067BC2000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.phreedom.org/md5)08:27
Source: Vo8hgf.exe, 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: Vo8hgf.exe, 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/token
Source: Vo8hgf.exe, Vo8hgf.exe, 00000006.00000000.2065960204.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe, 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe.1.drString found in binary or memory: https://accounts.google.com/o/oauth2/v2/auth
Source: powershell.exe, 00000004.00000002.2178968735.00000000047D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
Source: Vo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://bsxplayer.bluestacks.com
Source: Vo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://cloud.bluestacks.com
Source: Vo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://cloud.bluestacks.comhttps://now.gghttps://bsxplayer.bluestacks.comhttps://x-api.bluestacks.c

System Summary

Source: C:\Users\user\Pictures\Screenshots\AStGGHNIlm.jpg, type: DROPPED. Matched rule: Detects images embedding archives. Observed in TheRat RAT. Author: ditekSHen
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe. Code function: 6_2_0148E780: CreateFileW, DeviceIoControl, FindFirstFileExW, FindClose, SetLastError, SetLastError
Source: C:\Windows\System32\msiexec.exe. File created: C:\Windows\Installer\615982.msi
Source: C:\Windows\System32\msiexec.exe. File created: C:\Windows\Installer\MSI5D0C.tmp
Source: C:\Windows\System32\msiexec.exe. File created: C:\Windows\Installer\MSI5E36.tmp
Source: C:\Windows\System32\msiexec.exe. File created: C:\Windows\Installer\MSI5E66.tmp
Source: C:\Windows\System32\msiexec.exe. File created: C:\Windows\Installer\MSI5EA5.tmp
Source: C:\Windows\System32\msiexec.exe. File created: C:\Windows\Installer\MSI5EE5.tmp
Source: C:\Windows\System32\msiexec.exe. File created: C:\Windows\Installer\MSI5F15.tmp
Source: C:\Windows\System32\msiexec.exe. File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe. File created: C:\Windows\Installer\SourceHash{9A1B43B3-227E-4D64-A597-45408F02A66B}
Source: C:\Windows\System32\msiexec.exe. File created: C:\Windows\Installer\MSI5FA2.tmp
Source: C:\Windows\System32\msiexec.exe. File created: C:\Windows\Installer\MSI6A90.tmp
Source: C:\Windows\System32\msiexec.exe. File deleted: C:\Windows\Installer\MSI5D0C.tmp
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe. Code function: String function: 01462840 appears 128 times
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe. Code function: String function: 01467610 appears 42 times
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe. Code function: String function: 0091C140 appears 108 times
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe. Code function: String function: 00955CA6 appears 80 times
Source: 25690.01808D.msi. Binary or memory string: OriginalFilenameAICustAct.dllF vs 25690.01808D.msi
Source: 25690.01808D.msi. Binary or memory string: OriginalFilenameSoftwareDetector.dllF vs 25690.01808D.msi
Source: 25690.01808D.msi. Binary or memory string: OriginalFilenamePowerShellScriptLauncher.dllF vs 25690.01808D.msi
Source: C:\Users\user\Pictures\Screenshots\AStGGHNIlm.jpg, type: DROPPED Matched rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive author = ditekSHen, description = Detects images embedding archives. Observed in TheRat RAT.
Source: Qt5Core.dll.1.dr Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: Vo8hgf.exe, 00000006.00000002.2084960658.000000006786D000.00000002.00000001.01000000.0000000C.sdmp, Qt5Core.dll.1.dr Binary or memory string: bmer.nonet.rwnet.sgaquarellenet.shtel.trgliwice.plnet.slnet.sobjarkoy.nonet.ssnet.stus.gov.plinstantcloud.cnhole.nonet.thnet.syedu.krdnet.tjdnsalias.orgnet.tmnet.tntonsberg.nonet.tonycnet.uanet.trnet.tt*.lcl.devfroland.nosor-aurdal.nonet.twyura.wakayama.jpnet.ukbaseballbo.telemark.nocleaningnet.vc
Source: classification engine Classification label: mal80.evad.winMSI@24/43@0/0
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: 6_2_014700B0 GetLastError,FormatMessageW,6_2_014700B0
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: 6_2_01474810 FindResourceA,LoadResource,SizeofResource,LockResource,6_2_01474810
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Microsoft\CML5FEA.tmp
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6044:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6348:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5068:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2888:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5064:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4980:120:WilError_03
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF4BF87596046038A5.TMP
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'GBPSV.EXE'
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CORE.EXE'
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'RAPPORTSERVICE.EXE'
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'RAPPORTMGMTSERVICE.EXE'
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SCPBRADGUARD.EXE'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: Vo8hgf.exe String found in binary or memory: /launcher/launcher_started_stats
Source: Vo8hgf.exe String found in binary or memory: /launcher/feedback
Source: Vo8hgf.exe String found in binary or memory: /launcher/launcher_app_click_stats
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\25690.01808D.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 7AEE77A2D687777A7B17D9BDC9CFF799
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\ProgramData\BlueStacksXL\Vo8hgf.exe "C:\ProgramData\BlueStacksXL\Vo8hgf.exe"
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "IMAGENAME eq gbpsv.exe"
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "IMAGENAME eq core.exe"
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "IMAGENAME eq RapportService.exe"
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "IMAGENAME eq RapportMgmtService.exe"
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "IMAGENAME eq scpbradguard.exe"
Source: C:\Windows\SysWOW64\tasklist.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\tasklist.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: 25690.01808D.msi Static file information: File size 29327872 > 1048576
Source: Binary string: C:\code\robusta-launcher\Library\BLauncher\release\BLauncher.pdbKK source: Vo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: d:\agent\_work\4\s\\binaries\x86ret\bin\i386\\msvcp140_1.i386.pdb source: Vo8hgf.exe, Vo8hgf.exe, 00000006.00000002.2083991650.00000000674F1000.00000020.00000001.01000000.00000011.sdmp
Source: Binary string: C:\code\robusta-launcher\Library\UIControl\release\UIControl.pdbhh source: Vo8hgf.exe, 00000006.00000002.2087662827.000000006864F000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb source: 25690.01808D.msi, MSI6A90.tmp.1.dr, MSI5FA2.tmp.1.dr
Source: Binary string: C:\code\robusta-launcher\Library\UIControl\release\UIControl.pdb source: Vo8hgf.exe, 00000006.00000002.2087662827.000000006864F000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: d:\agent\_work\4\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: Vo8hgf.exe, Vo8hgf.exe, 00000006.00000002.2084405181.0000000067551000.00000020.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: Vo8hgf.exe, 00000006.00000002.2084960658.00000000679E6000.00000002.00000001.01000000.0000000C.sdmp, Qt5Core.dll.1.dr
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb source: Vo8hgf.exe, 00000006.00000002.2085637728.0000000067BC2000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbU source: Vo8hgf.exe, 00000006.00000002.2084960658.00000000679E6000.00000002.00000001.01000000.0000000C.sdmp, Qt5Core.dll.1.dr
Source: Binary string: C:\code\robusta-launcher\Library\BLauncher\release\BLauncher.pdb source: Vo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: Vo8hgf.exe, 00000006.00000002.2086349017.0000000067F89000.00000002.00000001.01000000.0000000A.sdmp, Qt5Gui.dll.1.dr
Source: Binary string: C:\Users\qt\work\qt\qtwebchannel\lib\Qt5WebChannel.pdb source: Qt5WebChannel.dll.1.dr
Source: Binary string: C:\Users\qt\work\qt\qtwebchannel\lib\Qt5WebChannel.pdb(( source: Qt5WebChannel.dll.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: 25690.01808D.msi
Source: Binary string: C:\code\rundir\qt\release\Cloud Game.pdb source: Vo8hgf.exe, 00000006.00000000.2065960204.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe, 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe.1.dr
Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb,, source: Vo8hgf.exe, 00000006.00000002.2084286192.0000000067527000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbl source: 25690.01808D.msi
Source: Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: Vo8hgf.exe, 00000006.00000002.2087005196.0000000068481000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: 25690.01808D.msi, MSI5EA5.tmp.1.dr, MSI5E36.tmp.1.dr, MSI5D0C.tmp.1.dr, MSI5F15.tmp.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\PowerShellScriptLauncher.pdb_ source: 25690.01808D.msi, MSI6A90.tmp.1.dr, MSI5FA2.tmp.1.dr
Source: Binary string: d:\agent\_work\4\s\\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: Vo8hgf.exe, Vo8hgf.exe, 00000006.00000002.2084523629.0000000067571000.00000020.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\Users\qt\work\qt\qtsvg\lib\Qt5Svg.pdb source: Vo8hgf.exe, 00000006.00000002.2084286192.0000000067527000.00000002.00000001.01000000.00000010.sdmp
Source: Qt5Core.dll.1.dr Static PE information: section name: .qtmimed
Source: qwindows.dll.1.dr Static PE information: section name: .qtmetad
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\Vo8hgf.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5F15.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\Qt5Widgets.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\UIControl.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\platforms\qwindows.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\Qt5WebEngineWidgets.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\d3dcompiler_47.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5EA5.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\Qt5Network.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5D0C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\Qt5Gui.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\vcruntime140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\Qt5Core.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5EE5.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5E36.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6A90.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\Qt5WebChannel.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\BLauncher.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5E66.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\Qt5Svg.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\msvcp140.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\BlueStacksXL\msvcp140_1.dll
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\msiexec.exe System information queried: FirmwareTableInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4270
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5538
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5F15.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\ProgramData\BlueStacksXL\platforms\qwindows.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5EA5.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5D0C.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5EE5.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI6A90.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5E36.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\ProgramData\BlueStacksXL\Qt5WebChannel.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5E66.tmp
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe API coverage: 1.5 %
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3288 Thread sleep count: 4270 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3288 Thread sleep count: 5538 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6544 Thread sleep time: -18446744073709540s >= -30000s
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: 6_2_0148E780 CreateFileW,DeviceIoControl,FindFirstFileExW,FindClose,SetLastError,SetLastError,6_2_0148E780
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: 6_2_0148EC10 FindFirstFileExW,FindClose,6_2_0148EC10
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: 6_2_00955355 VirtualQuery,GetSystemInfo,6_2_00955355
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: Vo8hgf.exe, 00000006.00000002.2087943755.0000000068710000.00000004.00000001.01000000.00000007.sdmp Binary or memory string: This version of App Player requires Windows version 1903 or above. Please update Windows or disable Hyper-V and try again.
Source: Vo8hgf.exe, 00000006.00000002.2086550480.000000006819A000.00000008.00000001.01000000.0000000A.sdmp Binary or memory string: g.?AVQEmulationPaintEngine@@
Source: 25690.01808D.msi Binary or memory string: HKEY_USERSRegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1VMware20,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
Source: Vo8hgf.exe, 00000006.00000002.2087943755.0000000068710000.00000004.00000001.01000000.00000007.sdmp Binary or memory string: App Player cannot start since Hyper-V compute platform is not enabled on your PC.
Source: powershell.exe, 00000004.00000002.2176290936.00000000028F5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}5Nwjs
Source: Vo8hgf.exe, 00000006.00000002.2087943755.0000000068710000.00000004.00000001.01000000.00000007.sdmp Binary or memory string: The installation failed because Hyper-V is enabled. Please disable Hyper-V to complete installation.
Source: Vo8hgf.exe, 00000006.00000002.2087943755.0000000068710000.00000004.00000001.01000000.00000007.sdmp Binary or memory string: You should enable Hyper-V to start App Player. Visit the FAQs to learn more.
Source: Vo8hgf.exe, 00000006.00000002.2087943755.0000000068710000.00000004.00000001.01000000.00000007.sdmp Binary or memory string: How can I disable Hyper-V?
Source: Vo8hgf.exe, 00000006.00000002.2086550480.000000006819A000.00000008.00000001.01000000.0000000A.sdmp, Qt5Gui.dll.1.dr Binary or memory string: .?AVQEmulationPaintEngine@@
Source: powershell.exe, 00000004.00000002.2176290936.00000000028F5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\'h#
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: 6_2_00956665 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00956665
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: 6_2_0146E070 GetProcessHeap,HeapAlloc,RtlAllocateHeap,6_2_0146E070
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: 6_2_009562E3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_009562E3
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: 6_2_00956665 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00956665
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: 6_2_009567F9 SetUnhandledExceptionFilter,6_2_009567F9

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\ProgramData\BlueStacksXL\Vo8hgf.exe "C:\ProgramData\BlueStacksXL\Vo8hgf.exe"
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "IMAGENAME eq gbpsv.exe"
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "IMAGENAME eq core.exe"
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "IMAGENAME eq RapportService.exe"
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "IMAGENAME eq RapportMgmtService.exe"
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "IMAGENAME eq scpbradguard.exe"
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -noprofile -noninteractive -executionpolicy bypass -file "c:\users\user\appdata\local\temp\pss6afb.ps1" -propfile "c:\users\user\appdata\local\temp\msi6af7.txt" -scriptfile "c:\users\user\appdata\local\temp\scr6af8.ps1" -scriptargsfile "c:\users\user\appdata\local\temp\scr6af9.txt" -propsep " :<->: " -linesep " <<:>> " -testprefix "_testvalue."
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: 6_2_00956484 cpuid 6_2_00956484
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: GetLocaleInfoA,6_2_0148ED90
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: GetLocaleInfoW,GetLocaleInfoW,6_2_0148ECCF
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: GetLocaleInfoW,GetLocaleInfoW,6_2_0148ECF0
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: GetThreadLocale,GetLocaleInfoA,EnumCalendarInfoA,EnumCalendarInfoA,6_2_0148F16F
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: GetThreadLocale,GetLocaleInfoA,EnumCalendarInfoA,EnumCalendarInfoA,6_2_0148F170
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: 6_2_00956863 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,6_2_00956863
Source: C:\ProgramData\BlueStacksXL\Vo8hgf.exe Code function: 6_2_00916050 ?removeServer@QLocalServer@@SA_NABVQString@@@Z,?setSocketOptions@QLocalServer@@QAEXV?$QFlags@W4SocketOption@QLocalServer@@@@@Z,?listen@QLocalServer@@QAE_NABVQString@@@Z,6_2_00916050
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media
1
Windows Management Instrumentation
1
DLL Side-Loading
11
Process Injection
21
Masquerading
OS Credential Dumping1
System Time Discovery
Remote Services11
Archive Collected Data
1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts12
Command and Scripting Interpreter
Boot or Logon Initialization Scripts1
DLL Side-Loading
121
Virtualization/Sandbox Evasion
LSASS Memory221
Security Software Discovery
Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain Accounts1
PowerShell
Logon Script (Windows)Logon Script (Windows)11
Process Injection
Security Account Manager2
Process Discovery
SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Deobfuscate/Decode Files or Information
NTDS121
Virtualization/Sandbox Evasion
Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information
LSA Secrets1
Application Window Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Software Packing
Cached Domain Credentials11
Peripheral Device Discovery
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
DLL Side-Loading
DCSync2
File and Directory Discovery
Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
File Deletion
Proc Filesystem35
System Information Discovery
Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
[Behavior graph: ID 1423764, Sample 25690.01808D.msi, Start date 10/04/2024, Architecture WINDOWS, Score 80. Process chain: msiexec.exe -> msiexec.exe -> powershell.exe -> Vo8hgf.exe -> tasklist.exe]

Source | Detection | Scanner | Label
25690.01808D.msi | 11% | ReversingLabs |
25690.01808D.msi | 7% | Virustotal |

Source | Detection | Scanner | Label
C:\ProgramData\BlueStacksXL\BLauncher.dll | 0% | ReversingLabs |
C:\ProgramData\BlueStacksXL\BLauncher.dll | 0% | Virustotal |
C:\ProgramData\BlueStacksXL\Qt5Core.dll | 0% | ReversingLabs |
C:\ProgramData\BlueStacksXL\Qt5Core.dll | 0% | Virustotal |
C:\ProgramData\BlueStacksXL\Qt5Gui.dll | 0% | ReversingLabs |
C:\ProgramData\BlueStacksXL\Qt5Gui.dll | 0% | Virustotal |
C:\ProgramData\BlueStacksXL\Qt5Network.dll | 0% | ReversingLabs |
C:\ProgramData\BlueStacksXL\Qt5Network.dll | 0% | Virustotal |
C:\ProgramData\BlueStacksXL\Qt5Svg.dll | 0% | ReversingLabs |
C:\ProgramData\BlueStacksXL\Qt5Svg.dll | 0% | Virustotal |
C:\ProgramData\BlueStacksXL\Qt5WebChannel.dll | 0% | ReversingLabs |
C:\ProgramData\BlueStacksXL\Qt5WebChannel.dll | 0% | Virustotal |
C:\ProgramData\BlueStacksXL\Qt5WebEngineWidgets.dll | 0% | ReversingLabs |
C:\ProgramData\BlueStacksXL\Qt5WebEngineWidgets.dll | 0% | Virustotal |
C:\ProgramData\BlueStacksXL\Qt5Widgets.dll | 0% | ReversingLabs |
C:\ProgramData\BlueStacksXL\Qt5Widgets.dll | 0% | Virustotal |
C:\ProgramData\BlueStacksXL\UIControl.dll | 0% | ReversingLabs |
C:\ProgramData\BlueStacksXL\UIControl.dll | 0% | Virustotal |
C:\ProgramData\BlueStacksXL\Vo8hgf.exe | 0% | ReversingLabs |
C:\ProgramData\BlueStacksXL\Vo8hgf.exe | 0% | Virustotal |
C:\ProgramData\BlueStacksXL\d3dcompiler_47.dll | 22% | ReversingLabs | Win32.Trojan.Zusy
C:\ProgramData\BlueStacksXL\d3dcompiler_47.dll | 17% | Virustotal |
C:\ProgramData\BlueStacksXL\msvcp140.dll | 0% | ReversingLabs |
C:\ProgramData\BlueStacksXL\msvcp140.dll | 0% | Virustotal |
C:\ProgramData\BlueStacksXL\msvcp140_1.dll | 0% | ReversingLabs |
C:\ProgramData\BlueStacksXL\msvcp140_1.dll | 0% | Virustotal |
C:\ProgramData\BlueStacksXL\platforms\qwindows.dll | 0% | ReversingLabs |
C:\ProgramData\BlueStacksXL\platforms\qwindows.dll | 0% | Virustotal |
C:\ProgramData\BlueStacksXL\vcruntime140.dll | 0% | ReversingLabs |
C:\ProgramData\BlueStacksXL\vcruntime140.dll | 0% | Virustotal |
C:\Windows\Installer\MSI5D0C.tmp | 0% | ReversingLabs |
C:\Windows\Installer\MSI5D0C.tmp | 1% | Virustotal |
C:\Windows\Installer\MSI5E36.tmp | 0% | ReversingLabs |
C:\Windows\Installer\MSI5E36.tmp | 1% | Virustotal |
C:\Windows\Installer\MSI5E66.tmp | 0% | ReversingLabs |
C:\Windows\Installer\MSI5E66.tmp | 1% | Virustotal |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://ocsp.entrust.net03 | 0% | URL Reputation | safe
http://ocsp.entrust.net03 | 0% | URL Reputation | safe
http://ocsp.entrust.net02 | 0% | URL Reputation | safe
http://ocsp.entrust.net01 | 0% | URL Reputation | safe
http://ocsp.entrust.net00 | 0% | URL Reputation | safe
https://contoso.com/License | 0% | URL Reputation | safe
https://contoso.com/License | 0% | URL Reputation | safe
https://contoso.com/ | 0% | URL Reputation | safe
http://pesterbdd.com/images/Pester.png | 100% | URL Reputation | malware
https://go.micro | 0% | URL Reputation | safe
https://contoso.com/Icon | 0% | URL Reputation | safe
http://www.phreedom.org/md5)08:27 | 0% | Avira URL Cloud | safe
https://wallet.now.ggNowggHostrunasbool | 0% | Avira URL Cloud | safe
https://now.gg | 0% | Avira URL Cloud | safe
https://xcs-api.now.gg | 0% | Avira URL Cloud | safe
https://dev-x.bstkinternal.net/qt-webchannel-wemix-demo/https://wallet.now.gg/7680de98-488a-410c-961 | 0% | Avira URL Cloud | safe
https://discord.com/oauth2/authorize | 0% | Avira URL Cloud | safe
http://www.phreedom.org/md5) | 0% | Avira URL Cloud | safe
http://www.phreedom.org/md5)08:27 | 1% | Virustotal |
http://www.color.org) | 0% | Avira URL Cloud | safe
https://xcs-api.now.gg | 0% | Virustotal |
https://dev-x.bstkinternal.net/qt-webchannel-wemix-demo/https://wallet.now.gg/7680de98-488a-410c-961 | 0% | Virustotal |
https://wallet.now.gg/ | 0% | Avira URL Cloud | safe
https://wallet.now.gg | 0% | Avira URL Cloud | safe
https://dev-x.bstkinternal.net/qt-webchannel-wemix-demo/ | 0% | Avira URL Cloud | safe
https://now.gg | 0% | Virustotal |
https://wallet.now.gg/ | 0% | Virustotal |
https://discord.com/oauth2/authorize | 1% | Virustotal |
http://www.phreedom.org/md5) | 1% | Virustotal |
https://wallet.now.gg | 0% | Virustotal |
https://dev-x.bstkinternal.net/qt-webchannel-wemix-demo/ | 0% | Virustotal |
No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
http://crl.entrust.net/g2ca.crl0Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drfalse
    high
    https://x-api.bluestacks.comVo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmpfalse
      high
      http://www.phreedom.org/md5)08:27Vo8hgf.exe, 00000006.00000002.2085637728.0000000067BC2000.00000002.00000001.01000000.0000000B.sdmpfalse
      • 1%, Virustotal, Browse
      • Avira URL Cloud: safe
      unknown
      http://ocsp.entrust.net03Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drfalse
      • URL Reputation: safe
      • URL Reputation: safe
      unknown
      http://ocsp.entrust.net02Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drfalse
      • URL Reputation: safe
      unknown
      http://ocsp.entrust.net01Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drfalse
      • URL Reputation: safe
      unknown
      http://ocsp.entrust.net00Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drfalse
      • URL Reputation: safe
      unknown
      https://cloud.bluestacks.comVo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmpfalse
        high
        https://contoso.com/Licensepowershell.exe, 00000004.00000002.2181609752.0000000005836000.00000004.00000800.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        unknown
        https://www.bluestacks.com/Vo8hgf.exe, Vo8hgf.exe, 00000006.00000000.2065960204.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe, 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe.1.drfalse
          high
          https://dev-x.bstkinternal.net/qt-webchannel-wemix-demo/https://wallet.now.gg/7680de98-488a-410c-961Vo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmpfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          unknown
          http://bugreports.qt.io/Vo8hgf.exe, 00000006.00000002.2085637728.0000000067BC2000.00000002.00000001.01000000.0000000B.sdmpfalse
            high
            https://xcs-api.now.ggVo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            unknown
            http://crl.entrust.net/csbr1.crl0Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drfalse
              high
              http://www.google.com/images/icons/product/search-32.gifVo8hgf.exe, 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmpfalse
                high
                https://aka.ms/pscore6lBpowershell.exe, 00000004.00000002.2178968735.00000000047D1000.00000004.00000800.00020000.00000000.sdmpfalse
                  high
                  https://contoso.com/powershell.exe, 00000004.00000002.2181609752.0000000005836000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  unknown
                  https://nuget.org/nuget.exepowershell.exe, 00000004.00000002.2181609752.0000000005836000.00000004.00000800.00020000.00000000.sdmpfalse
                    high
                    https://now.ggVo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    http://www.google.com/images/icons/product/search-16.gifVo8hgf.exe, 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmpfalse
                      high
                      https://developers.google.com/blogger/docs/3.0/getting_startedVo8hgf.exe, 00000006.00000002.2083522637.00000000101CB000.00000002.00000001.01000000.0000000F.sdmpfalse
                        high
                        http://aia.entrust.net/evcs2-chain.p7c01Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drfalse
                          high
                          http://crl.entrust.net/ts1ca.crl0Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.drfalse
                            high
                            https://wallet.now.ggNowggHostrunasboolVo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000004.00000002.2178968735.00000000047D1000.00000004.00000800.00020000.00000000.sdmpfalse
                              high
                              http://www.entrust.net/rpa0Qt5Gui.dll.1.drfalse
                                high
https://discord.com/oauth2/authorize | Vo8hgf.exe, Vo8hgf.exe, 00000006.00000000.2065960204.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe, 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe.1.dr | false | 1%, Virustotal; Avira URL Cloud: safe | unknown
https://www.google.com/images/icons/product/blogger-32.png | Vo8hgf.exe, 00000006.00000002.2083522637.00000000101CB000.00000002.00000001.01000000.0000000F.sdmp | false | | high
https://developers.google.com/admin-sdk/reports/ | Vo8hgf.exe, 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp | false | | high
http://www.phreedom.org/md5) | Vo8hgf.exe, 00000006.00000002.2085637728.0000000067BC2000.00000002.00000001.01000000.0000000B.sdmp | false | 1%, Virustotal; Avira URL Cloud: safe | unknown
http://nuget.org/NuGet.exe | powershell.exe, 00000004.00000002.2181609752.0000000005836000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.google.com/images/icons/product/blogger-16.png | Vo8hgf.exe, 00000006.00000002.2083522637.00000000101CB000.00000002.00000001.01000000.0000000F.sdmp | false | | high
http://pesterbdd.com/images/Pester.png | powershell.exe, 00000004.00000002.2178968735.0000000004926000.00000004.00000800.00020000.00000000.sdmp | true | URL Reputation: malware | unknown
http://www.aiim.org/pdfa/ns/id/ | Vo8hgf.exe, 00000006.00000002.2086349017.0000000067F89000.00000002.00000001.01000000.0000000A.sdmp, Qt5Gui.dll.1.dr | false | | high
http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000004.00000002.2178968735.0000000004926000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://go.micro | powershell.exe, 00000004.00000002.2178968735.0000000004FFA000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.bluestacks.com/background-color: | Vo8hgf.exe, Vo8hgf.exe, 00000006.00000000.2065960204.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe, 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp, Vo8hgf.exe.1.dr | false | | high
http://www.entrust.net/rpa03 | Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.dr | false | | high
https://contoso.com/Icon | powershell.exe, 00000004.00000002.2181609752.0000000005836000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://aia.entrust.net/ts1-chain256.cer01 | Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.dr | false | | high
http://www.color.org) | Vo8hgf.exe, 00000006.00000002.2086349017.0000000067F89000.00000002.00000001.01000000.0000000A.sdmp, Qt5Gui.dll.1.dr | false | Avira URL Cloud: safe | low
https://github.com/Pester/Pester | powershell.exe, 00000004.00000002.2178968735.0000000004926000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://wallet.now.gg/ | Vo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
https://xcs.bluestacks.com | Vo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmp | false | | high
https://wallet.now.gg | Vo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
https://dev-x.bstkinternal.net/qt-webchannel-wemix-demo/ | Vo8hgf.exe, 00000006.00000002.2087906358.00000000686D5000.00000002.00000001.01000000.00000007.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
http://bugreports.qt.io/_q_receiveReplyensureClientPrefaceSentMicrosoft-IIS/4.Microsoft-IIS/5.Netsca | Vo8hgf.exe, 00000006.00000002.2085637728.0000000067BC2000.00000002.00000001.01000000.0000000B.sdmp | false | | high
http://crl.entrust.net/evcs2.crl0 | Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.dr | false | | high
http://crl.entrust.net/2048ca.crl0 | Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.dr | false | | high
https://www.entrust.net/rpa0 | Qt5WebChannel.dll.1.dr, Qt5Gui.dll.1.dr | false | | high
                                                              No contacted IP infos
                                                              Joe Sandbox version:40.0.0 Tourmaline
                                                              Analysis ID:1423764
                                                              Start date and time:2024-04-10 11:23:10 +02:00
                                                              Joe Sandbox product:CloudBasic
                                                              Overall analysis duration:0h 8m 30s
                                                              Hypervisor based Inspection enabled:false
                                                              Report type:full
                                                              Cookbook file name:default.jbs
                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                              Number of analysed new started processes analysed:19
                                                              Number of new started drivers analysed:0
                                                              Number of existing processes analysed:0
                                                              Number of existing drivers analysed:0
                                                              Number of injected processes analysed:0
                                                              Technologies:
                                                              • HCA enabled
                                                              • EGA enabled
                                                              • AMSI enabled
                                                              Analysis Mode:default
                                                              Analysis stop reason:Timeout
                                                              Sample name:25690.01808D.msi
                                                              Detection:MAL
                                                              Classification:mal80.evad.winMSI@24/43@0/0
                                                              EGA Information:
                                                              • Successful, ratio: 50%
                                                              HCA Information:
                                                              • Successful, ratio: 100%
                                                              • Number of executed functions: 45
                                                              • Number of non-executed functions: 127
                                                              Cookbook Comments:
                                                              • Found application associated with file extension: .msi
                                                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                              • Execution Graph export aborted for target powershell.exe, PID 4416 because it is empty
                                                              • Not all processes where analyzed, report is missing behavior information
Time | Type | Description
11:24:02 | API Interceptor | 45x Sleep call for process: powershell.exe modified
                                                              No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\ProgramData\BlueStacksXL\BLauncher.dll | Df.mes-25664.msi | malicious | Unknown
C:\ProgramData\BlueStacksXL\Qt5Network.dll | Df.mes-25664.msi | malicious | Unknown
C:\ProgramData\BlueStacksXL\Qt5Core.dll | Df.mes-25664.msi | malicious | Unknown
C:\ProgramData\BlueStacksXL\Qt5Gui.dll | Df.mes-25664.msi | malicious | Unknown
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:data
                                                                      Category:modified
                                                                      Size (bytes):3698
                                                                      Entropy (8bit):5.690686043627705
                                                                      Encrypted:false
                                                                      SSDEEP:48:KcU9ncReARkmDPhmdNzpVkeK75wuxTrj4LcP5tsmcUXuMlADwI+gL5moNVojAX6b:KPnlAr0fKIR66D0q5hoji62L0
                                                                      MD5:B4F6AADE8D1DA10A063AF145EC61C1F3
                                                                      SHA1:66A6DADDC5CF855671097D70B159E871389200B1
                                                                      SHA-256:283AF3B7205277361D67E3477782B162BBE070EFA2D95E97F0F573DDD6999183
                                                                      SHA-512:C5F1A2A19DF43F0C056EC8795B8B82BBCE3218F084B30CB4FF9BC46C4EE327611E67EBFED400D87F116293D618B8955C6937A3685AF8D0E4DDC5CEBA7C0F0130
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):654712
                                                                      Entropy (8bit):6.734583344180703
                                                                      Encrypted:false
                                                                      SSDEEP:12288:5+htMg3JeUcjdOc21C9QuV9W3NzLojX/L9BhCRURxFE4oerB88:zAYQuV9bvBFRDseq8
                                                                      MD5:4A4FEB9D9B46DE346D406E0547B74F55
                                                                      SHA1:122C7FA24F4608BF96A5D2F2F093BCDF26A48CA6
                                                                      SHA-256:6BD24AA18C1BDEA866B389006A0A3AAA6005AA368748D06B9BDBBF8562EBB072
                                                                      SHA-512:A80C9B2E0DB56BDC2500EB18E8C03E441C25D915B8A4A333816A13C29E597A45183A484BF82F3C6E982A9766227A12DD31CF2935FD4605735F713FFFDF7344C4
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 0%
                                                                      Joe Sandbox View:
                                                                      • Filename: Df.mes-25664.msi, Detection: malicious
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):5400856
                                                                      Entropy (8bit):6.849603153165608
                                                                      Encrypted:false
                                                                      SSDEEP:98304:1pJI2zYpVYwXRvq14Jsv6tWKFdu9C1vrXcgwP:pId4KJsv6tWKFdu9C14FP
                                                                      MD5:2AD642641EED8D5455C84C1B8B7304B3
                                                                      SHA1:A6C7B1D6DCA812BD0DEAA1445397C39615FF7733
                                                                      SHA-256:7193B04CCB2FD5156C82E3C343A9B25785CABFF9210F5BD5420EABD22D6FD2B6
                                                                      SHA-512:1D72FE685284FF1C4CC3823A1F669C845A7695AAB7AA6F13051CA3BC01EA46EE1DF615671DE005C10C070969844896521BEE23194058CBFB760E40F3187D697B
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 0%
                                                                      Joe Sandbox View:
                                                                      • Filename: Df.mes-25664.msi, Detection: malicious
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):5908760
                                                                      Entropy (8bit):6.797992219806982
                                                                      Encrypted:false
                                                                      SSDEEP:49152:Q0e4fId9/gZlIKl4l+2d05tfWivXcigbrcgKwQ7iDYPpw3ESX3P2AmMtNNfg7CB1:GgQKl52OzWi1geIY9g3+9y5B
                                                                      MD5:1C90402D9D2B716F048401A6D565D5DC
                                                                      SHA1:9D7671356525E32E84C0F9100045E242B42D0987
                                                                      SHA-256:52B22003B0E56F8F7E0946B9079DE07F3937EEDA904C768BB57BA1425F5B7F50
                                                                      SHA-512:36914700B6D6DADD9354E13469A1A7AB1144151633548B4DC127D75AD801AF9F9D95CF74ED958E0FA40AF9D6F2F38508FBC401D5662958358629969BB4738570
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 0%
                                                                      Joe Sandbox View:
                                                                      • Filename: Df.mes-25664.msi, Detection: malicious
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):1065240
                                                                      Entropy (8bit):6.694735149930599
                                                                      Encrypted:false
                                                                      SSDEEP:12288:v4ZE2+MIEmeDPSqa0YxDW6A9RCYqzQyNh27tkK60tf/ZYFP6cPNhojy:vNUIELzSV0YhW6hzQsvK6QqXNSjy
                                                                      MD5:B2B0CFB88743F59AAE52F870A70CB88C
                                                                      SHA1:7CD6AF6FE242FEF9D565A81936A1D894FBD888E4
                                                                      SHA-256:943B14BD9C99D95A3914B4571F2AC44D2D8F0DDF1009A2283B6F3005A3F40F5C
                                                                      SHA-512:4B1FEFF9647EB415C10B1E470F1A54DCD34B580E0C0C492DF22FA4AD7226F52F6BF08893AA389D96BBEE57D87165FCF1B42E03838F0D37983F4AE7EEABB07A99
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 0%
                                                                      Joe Sandbox View:
                                                                      • Filename: Df.mes-25664.msi, Detection: malicious
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):270104
                                                                      Entropy (8bit):6.735521607694658
                                                                      Encrypted:false
                                                                      SSDEEP:6144:kV4+syDEs/YLeqwZWDR9EBGFoLwfxMUWGWGRGLrh6eltZVu8WM4FyUIEDvumj/V8:kKeZWDRyBGFoLw21qsrhjfu8WM4www
                                                                      MD5:1A71E17A6AF0F9CD70951B3DB017AD2C
                                                                      SHA1:C11543496A4CE510947E63A5ED2B36AD6AA9EBCD
                                                                      SHA-256:55C0D1B826F97AF394DD5EB6286BA1C6FCDE5233265DC201977CCE2B02E1362A
                                                                      SHA-512:22EAC8A5D4369909A2B2EF83DF0750F1E33098A3F11568377F2E016878E9698E2BBC160617F3D6AD18118F56F915D126E8D81CB93137D122CF2493EE15CE1935
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 0%
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):112920
                                                                      Entropy (8bit):6.778606161155995
                                                                      Encrypted:false
                                                                      SSDEEP:1536:8ISAIdUqEQ0hbvtLyTRKpg38WOdJz7MMhRhZ7zAmInv/Wgmwz5JzmegKOonPD6X:zdIODtLq8WkXZnrIv/WgmwbmbKN0
                                                                      MD5:F83CF11AE61FF11BBA02989D17EA8315
                                                                      SHA1:917329F59BC5725DC1EEABF4A83E5021CDA5107D
                                                                      SHA-256:59800BCF40F39E4357724F9CA77C743FD38B1D194D2275D4B2D3377CBFCF4890
                                                                      SHA-512:60D24966DA1B492BB5651D019970A8815530D6A43713866CC2BCE44603A5D419464B8770581A72A5745E048FE0A71ADE10A7824D26BD7F0D830412A9452FB52B
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 0%
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):51310685
                                                                      Entropy (8bit):0.5359028873566885
                                                                      Encrypted:false
                                                                      SSDEEP:49152:ChnPPh/wSzmSoC+97kaAyztm9xjFCRuCawhDwQjc:Chh/MSoCHYzQPF2iY
                                                                      MD5:4F1271C51C99E7778FB048732772D013
                                                                      SHA1:3DF600B39526BD2928D9D0DA4A26249C53AF5DE1
                                                                      SHA-256:BA011310F05221A981AB30CDE6FB147222EBA838E32F6F02826C166DFC89B491
                                                                      SHA-512:6ABD4B8F66BF11C3768C280AF91FA272363C5610F758375E568892241459D7A60D80370483D2C9FA7326E981F4F37E41D68EA48497CFA83E41BAEDF431B9738E
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 0%
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):4467992
                                                                      Entropy (8bit):6.83507368091318
                                                                      Encrypted:false
                                                                      SSDEEP:49152:iiltmxMDlWXtk1QVoMV3LngeZZMvyvGfjNc:ixtPVL3MvWGf5c
                                                                      MD5:41BBB1193ED83FE0CFC2104091295BC7
                                                                      SHA1:B5694B1176C7630C848618154784AE2B2CAFEE7B
                                                                      SHA-256:05DD06CF4ED7DF62DC2878B06011F2B87AA26E064F9E378C04171E2844CF0BDB
                                                                      SHA-512:4FD7A52B06BCB5E3292A91A3F847BA268B7D877E67DF1C22C16EB01A7CB73E1DB1C64186F2AD9229C815D11696B98D4B4D0EDDDA80E559561F6ACF5F261F48B6
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):376184
                                                                      Entropy (8bit):6.681358859086061
                                                                      Encrypted:false
                                                                      SSDEEP:6144:R0w+XRA2Vv2lbjf05Dnq1RsTlYr7We5kJKB7i0xnOdVuSlYsHWVP6lTzIaMTHlCQ:R24057gRSYr7WeIIW+x
                                                                      MD5:5F2EE05B0A73CDB45E07AA2F0182E1AF
                                                                      SHA1:E1D50AC1F5C932033A04D9D4265302886337089F
                                                                      SHA-256:DD37DD2D198AAF7DE85A465DB0FE03125C936CD5EFC9339A176D3A8D28B811E4
                                                                      SHA-512:ACBA7922B903153D29D651209E04FF8EB62752650F9292C0720F870E049B2BD6395CC5C6360F730776FD764ECC7F6401094FA0D0E007CAA50CC1050016B33F5F
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):824696
                                                                      Entropy (8bit):5.901423723820782
                                                                      Encrypted:false
                                                                      SSDEEP:12288:Qpc7CAeGEXK5kHAN7dNkcKxvAOwLqiT+xed:Qpc7al65XVqiTxd
                                                                      MD5:FB8B69DA795B160D022AA663B17B2AD7
                                                                      SHA1:C7D0AECFCD791EE9FDDB71F408FDEF6E4A574602
                                                                      SHA-256:6E97C61F0A4183AAF8C22550D8E7C82566C4928120124518144A05A5B7B8868E
                                                                      SHA-512:E373C0B7D02C37D6B00ADE7AC8E03BBEE58039846A1C5B1ADE54A51F773133AF608423577405F44B04B0F4C1163181CBE3D3209C3D1663718A022413EE5723AB
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):543232
                                                                      Entropy (8bit):6.3847743353277275
                                                                      Encrypted:false
                                                                      SSDEEP:12288:nMGz0zG0ZLrMBHlUC8SDvqKojjdbLxvFfuV0GZpBgid2gYW4P:nSzthrOHlUC8SDvqK+3GZpBgGYWG
                                                                      MD5:4180919CED7336017FBF845F914EFD42
                                                                      SHA1:DE94FBD4607970955DA9DFADC04399BB6752A1E9
                                                                      SHA-256:E526D6190D1E5E55E060E3F5E4ED735251D304B2FDFC15FB6E5B2983DEF60634
                                                                      SHA-512:AA2C88539AFC8E9A88EE17819DD99C83098AA08FA4E3778FD9B4A640C0005D09323ECF3AA13DDD39CFA060D26902023C74C4CE8C2C4BA16A69894A95350066AC
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 22%
                                                                      • Antivirus: Virustotal, Detection: 17%, Browse
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):436600
                                                                      Entropy (8bit):6.6477298373221965
                                                                      Encrypted:false
                                                                      SSDEEP:12288:igt0BGzePo6+J+4P0xYv7IQgkhUgiW6QR7t5s03Ooc8dHkC2esPYWKd:d01Po6+J+dxYv7IQgz03Ooc8dHkC2e6E
                                                                      MD5:10D9438BD24F31A41583B846583B63FC
                                                                      SHA1:A3694496865CEA9CAF6C1089558EDC1F5D9C529F
                                                                      SHA-256:B9AEFAF687812AF08A5144BA4F0BC904C1ADCD1CE8E84ACF51BC830E74C967CC
                                                                      SHA-512:A3E26819F3D63BAC366A7609079217BAD5F756D9BF076C30529D1E03C67959A78997E65460D38247AAF46BE32C0789130EEF69A534380BFE310AD481C2CCC7CE
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):21368
                                                                      Entropy (8bit):6.475259005534306
                                                                      Encrypted:false
                                                                      SSDEEP:384:CK2b9mpdhYQjny3d9Wcs5gWI314gHRN7zohlvW:CTuQ+yI63
                                                                      MD5:E6158BA0AD022058DD52C1E9D332E924
                                                                      SHA1:53937861B952F01C878B0FE50D52F28A6B0D079C
                                                                      SHA-256:ACFBE9DA7F8C6D3DE7F43B9D30A22F70D353488753E844777DE82AE34D82BD5E
                                                                      SHA-512:DF261403609F74EDF195C2647E67E22F7328D97C32DFC7323201C8A500031A0B30C089C9A9E5FD63DD08247248D2B157B7A2A99672151244E5582CE4684A7C05
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):1242392
                                                                      Entropy (8bit):6.833716195234627
                                                                      Encrypted:false
                                                                      SSDEEP:24576:pvqNDPie5+MckaKqoO5DNETgCm/h3RNdtAQOj4idd7zL4ltZ3LR7Gs:kabZLAPzWdn
                                                                      MD5:1CD579BC77C7282412BFA35B27AE4348
                                                                      SHA1:607ED0B2B41738F6D0EC961CBBD0B9895A91F114
                                                                      SHA-256:9F024B70B7E533001D7107D06CD96DEE8C09F51F61020B9707DD937830CD4107
                                                                      SHA-512:0E551A95BE34806E2B0BCF23CF3D27B06A93363185EA70267031CA9A946AAE3C040CDB11396B917FD9D89D46F23C984C2BAAD78AE17238FD8944F51FCB43D4D2
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):76152
                                                                      Entropy (8bit):6.766849735581876
                                                                      Encrypted:false
                                                                      SSDEEP:1536:LoHuqvERNjBwySXtVaSvrgOFw9RxKMnxecbC2nO+:LoHZMRNjKySdLcOiHxecbC2n1
                                                                      MD5:B8AE902FE1909C0C725BA669074292E2
                                                                      SHA1:46524EFF65947CBEF0E08F97C98A7B750D6077F3
                                                                      SHA-256:657AB198C4035EC4B6FF6CF863C2EC99962593547AF41B772593715DE2DF459C
                                                                      SHA-512:4A70740DA0D5CDBD6B3C3869BCF6141CB32C929CB73728BD2044DD16896A3A1CAFA28B0714FADCDB265172B62FA113095D379F3A7C16A248E86C8F7F89ECD0F4
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 0%, Browse
                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):1416
                                                                      Entropy (8bit):5.435083238806725
                                                                      Encrypted:false
                                                                      SSDEEP:24:3+ytGWSKco4KmZjKbm51s4RPT6moUebIl+mZ9t7J0gt/NK3R829r+SVb+W:uyAWSU4xymI4RfoUeU+mZ9tK8NWR8Ojv
                                                                      MD5:091897EFCDBFA44A8DD2EFF0CEBDCC53
                                                                      SHA1:2F249F48CEFCC234E86C96644D6239626809CAB1
                                                                      SHA-256:3595F3FF3E35293DE78E16A003FDA050CAF3739C6D46399A81F26FA9E463F23D
                                                                      SHA-512:D12498B7F4DA3F6FD55C7F49FBA3EBA9EE93CFAE2BF8E9DC5F51E56326B771D977B741A186DB0A0E090082D30F99704A2E7339F2913CB87E13B365B0F56CEF5E
                                                                      Malicious:false
                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):6668
                                                                      Entropy (8bit):3.5127462716425657
                                                                      Encrypted:false
                                                                      SSDEEP:96:5Wb5VNkKmeHn/V2BVrIovmgNlGjxcj6BngOcvjb:5WbyZ/gVyvb
                                                                      MD5:30C30EF2CB47E35101D13402B5661179
                                                                      SHA1:25696B2AAB86A9233F19017539E2DD83B2F75D4E
                                                                      SHA-256:53094DF6FA4E57A3265FF04BC1E970C10BCDB3D4094AD6DD610C05B7A8B79E0F
                                                                      SHA-512:882BE2768138BB75FF7DDE7D5CA4C2E024699398BAACD0CE1D4619902402E054297E4F464D8CB3C22B2F35D3DABC408122C207FACAD64EC8014F2C54834CF458
                                                                      Malicious:true
                                                                      Preview:..p.a.r.a.m.(..... . .[.a.l.i.a.s.(.".p.r.o.p.F.i.l.e.".).]. . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.O.u.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".p.r.o.p.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.K.V.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".l.i.n.e.S.e.p.".).]. . . . . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.m.s.i.P.r.o.p.L.i.n.e.S.e.p.a.r.a.t.o.r..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.F.i.l.e.".).]. . . . .[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. .[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.F.i.l.e.P.a.t.h..... .,.[.a.l.i.a.s.(.".s.c.r.i.p.t.A.r.g.s.F.i.l.e.".).].[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.f.a.l.s.e.).].[.s.t.r.i.n.g.]. .$.u.s.e.r.S.c.r.i.p.t.A.r.g.s.F.i.l.e.P.a.t.h..... .,.[.P.a.r.a.m.e.t.e.r.(.M.a.n.d.a.t.o.r.y.=.$.t.r.u.e.).]. . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1362
                                                                      Entropy (8bit):3.6756638594722397
                                                                      Encrypted:false
                                                                      SSDEEP:24:QDqslqbwOjcKevo63aHSJ9FCmNHjJCxYkPmRumURusYISCZu5HmlHUTjJN:kqsK/IK2jljS5M/43Ssu5GFejz
                                                                      MD5:5F961E7CDB39F5BDBE8F6917092CFD4C
                                                                      SHA1:5DBD310A67DD31DA3E5F6EE8091D3903741DCA7E
                                                                      SHA-256:845BA6BD927C72C0A3698D2C13D197796449F0A26D59790581F8DDDB0F058A8C
                                                                      SHA-512:A9BBA815666D4E8427DF993640B2D4EB0905D30971B1FEF958CCCADCBA3A494FB2AE1B95EB7BA1614113A30E74BBF545BE835D77DEB00248D24BA76EB32E749B
                                                                      Malicious:true
                                                                      Preview:..$.{.f.I.`.L.E.N.`.A.m.E.}. .=. .(.".{.0.}.{.2.}.{.1.}.". .-.f.'.V.o.8.h.g.f...'.,.'.e.'.,.'.e.x.'.).....$.{.b.`.A.r.}. .=. .".\.".....$.{.L.O.`.C.a.L.d.`.I.R.}. .=. .$.{.E.N.v.`.:.`.P.R.O.g.`.R.`.A.m.`.D.a.T.A.}.....$.{.l.O.C.A.l.`.d.`.I.r.}. .=. .$.{.l.o.C.A.`.L.`.d.i.r.}. .+. .$.{.B.`.A.R.}. .+. .(.".{.0.}.{.1.}.{.3.}.{.2.}.". .-.f. .'.B.l.u.e.'.,.'.S.t.a.c.'.,.'.s.X.L.'.,.'.k.'.).....w.h.i.l.e. .(.-.n.o.t. .(.&.(.".{.2.}.{.0.}.{.1.}.". .-.f.'.s.t.-.P.a.t.'.,.'.h.'.,.'.T.e.'.). .$.{.L.o.C.a.l.`.d.I.r.}.\.$.{.f.i.l.`.e.n.A.`.M.e.}.).). .{.....&.(.".{.0.}.{.2.}.{.3.}.{.1.}.".-.f.'.S.'.,.'.e.p.'.,.'.t.a.r.t.'.,.'.-.S.l.e.'.). .-.S.e.c.o.n.d.s. .2.....}.......(.".{.2.}.{.0.}.{.1.}.". .-.f. .'.r.t.-.P.r.o.c.'.,.'.e.s.s.'.,.'.S.t.a.'.). .-.F.i.l.e.P.a.t.h. . .".`.".$.l.o.c.a.l.d.i.r.\.$.F.i.l.e.N.a.m.e.`.".". .-.W.i.n.d.o.w.S.t.y.l.e. .H.i.d.d.e.n.......(.".{.2.}.{.1.}.{.0.}.". .-.f. .'.p.'.,.'.e.e.'.,.'.S.t.a.r.t.-.S.l.'.). .-.S.e.c.o.n.d.s. .5.....w.h.i.l.e. .(.(.&.(.".{.2.}.{.0.}.{.1.
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 700x466, components 3
                                                                      Category:dropped
                                                                      Size (bytes):1440006
                                                                      Entropy (8bit):7.396278132222198
                                                                      Encrypted:false
                                                                      SSDEEP:24576:ktIeZgFvwAlRJiQ3l9laq/NaY9bzw/FwGWTfx/yQ+FwUfO90jpXV+t:kGFvwA17X/lb8O5TZ/Z+Fw+E4s
                                                                      MD5:C63D827172ED195113E070E46315EF60
                                                                      SHA1:A1DF6BC415E8E08DCACE75BF28EEB57E24B4FD52
                                                                      SHA-256:2729D00C1A1EC86EFD1E1DA2C8481CDEC06B12E82806F5B837F1C2E6A66E2948
                                                                      SHA-512:FF6810E215202DAF615D12BBBF0B8C7CA0DB7F1F7838ECD9E3DF82A31B9320B2D3B797441C67874AC25BA9A1232EEB23B8473D842857599B57ED40C49DC6FCF4
                                                                      Malicious:false
                                                                      Yara Hits:
                                                                      • Rule: INDICATOR_SUSPICIOUS_IMG_Embedded_Archive, Description: Detects images embedding archives. Observed in TheRat RAT., Source: C:\Users\user\Pictures\Screenshots\AStGGHNIlm.jpg, Author: ditekSHen
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 640x420, components 3
                                                                      Category:dropped
                                                                      Size (bytes):14954315
                                                                      Entropy (8bit):7.998654589291493
                                                                      Encrypted:true
                                                                      SSDEEP:393216:GNpiqLurBW0Q7xBSsCiUUetcDm8siPiENcn/JNax5A/gj6a:GNPKjQFBSAUUuIPsi6YcSCS
                                                                      MD5:262DBD3074E63F2AA906C6DBB8D5BFAD
                                                                      SHA1:975AB812ADF369D6B5132DB491794397DAD20C9C
                                                                      SHA-256:C1ABE1649C98339D15313BAD7158C990AF916439DF5D07BD86F19B852E21E516
                                                                      SHA-512:7F2AA8C5EC1A944684DCFB0CED85D7C44DB9EB7234CAD5EF5DCA5CF31F93DE1E26C4CBF1A5D16811FBA893775C29C71CE10DE55C1F9F9C0951CB2838BB852E1D
                                                                      Malicious:false
                                                                      Preview:......Exif..II*.................Ducky.......<.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:C2F40D505B9111EA9E71988E8F4B3D9E" xmpMM:DocumentID="xmp.did:C2F40D515B9111EA9E71988E8F4B3D9E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C2F40D4E5B9111EA9E71988E8F4B3D9E" stRef:documentID="xmp.did:C2F40D4F5B9111EA9E71988E8F4B3D9E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {DC25F973-C1ED-46DD-B97E-0ADBDABAB8E6}, Number of Words: 10, Subject: Carregando..., Author: {3F4C8711-6762-44A7-9120-0DFF35FE6004}, Name of Creating Application: Carregando..., Template: ;1046, Comments: Carregando..., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Apr 2 21:21:52 2024, Number of Pages: 200
                                                                      Category:dropped
                                                                      Size (bytes):29327872
                                                                      Entropy (8bit):7.94764269927865
                                                                      Encrypted:false
                                                                      SSDEEP:786432:b/5E6qrb9HIAdwKfLFbdhbUqZUyrOKLF+hS4PU5+:beFIAOoPhAwrOFZPUU
                                                                      MD5:2B0155BFFC9D2C3B1607557E50843049
                                                                      SHA1:02678061F63F0BB0BB8155F8B54A13C9FE39CF0E
                                                                      SHA-256:70492103FE59217C37A64AB3BBF7D53498822D6B167F8FE1C5DBCD250A115F51
                                                                      SHA-512:345BFCDF855A8365E75FE2479588F021C08FFFFD8A90335582D4BF81D8630822B667AF4949C9E37351B8EEDAB906A74D17FB385126D1DE38BCD5E3C45841EA27
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):601920
                                                                      Entropy (8bit):6.469032452979565
                                                                      Encrypted:false
                                                                      SSDEEP:12288:g+zdBoU6TPAjp66Ulgc2zGz5gCxOWIGvn:HBoBTopk1QGz53sWIGvn
                                                                      MD5:CADBCF6F5A0199ECC0220CE23A860D89
                                                                      SHA1:073C149D68916520AEA882E588AB9A5AE083D75A
                                                                      SHA-256:42EF18C42FE06709F3C86157E2270358F3C93D14BE2E173B8FAE8EDCEFDDFCA0
                                                                      SHA-512:CEBB128BDC04E6B29DF74BEDCC375A340AC037563D828AF3455DE41F31D2E464F82F85C97CA9910A4A7C819EFA906AA4A4560174F184CEE316F53E3D2B5CDCCC
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 1%, Browse
                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......|.J.8.$.8.$.8.$...'.5.$...!.$.. .).$..'./.$..!.r.$... .!.$...".9.$...%...$.8.%.$...-.R.$...$.9.$.....9.$.8...9.$...&.9.$.Rich8.$.........................PE..L...R+Jd.........."!...#.<...........W.......P...............................0......5R....@..........................W..d....a..,.......................@=...... h......p..............................@............P..l............................text....:.......<.................. ..`.rdata..:,...P.......@..............@..@.data... %...........n..............@....rsrc................~..............@..@.reloc.. h.......j..................@..B........................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):601920
                                                                      Entropy (8bit):6.469032452979565
                                                                      Encrypted:false
                                                                      SSDEEP:12288:g+zdBoU6TPAjp66Ulgc2zGz5gCxOWIGvn:HBoBTopk1QGz53sWIGvn
                                                                      MD5:CADBCF6F5A0199ECC0220CE23A860D89
                                                                      SHA1:073C149D68916520AEA882E588AB9A5AE083D75A
                                                                      SHA-256:42EF18C42FE06709F3C86157E2270358F3C93D14BE2E173B8FAE8EDCEFDDFCA0
                                                                      SHA-512:CEBB128BDC04E6B29DF74BEDCC375A340AC037563D828AF3455DE41F31D2E464F82F85C97CA9910A4A7C819EFA906AA4A4560174F184CEE316F53E3D2B5CDCCC
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 1%, Browse
                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......|.J.8.$.8.$.8.$...'.5.$...!.$.. .).$..'./.$..!.r.$... .!.$...".9.$...%...$.8.%.$...-.R.$...$.9.$.....9.$.8...9.$...&.9.$.Rich8.$.........................PE..L...R+Jd.........."!...#.<...........W.......P...............................0......5R....@..........................W..d....a..,.......................@=...... h......p..............................@............P..l............................text....:.......<.................. ..`.rdata..:,...P.......@..............@..@.data... %...........n..............@....rsrc................~..............@..@.reloc.. h.......j..................@..B........................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):601920
                                                                      Entropy (8bit):6.469032452979565
                                                                      Encrypted:false
                                                                      SSDEEP:12288:g+zdBoU6TPAjp66Ulgc2zGz5gCxOWIGvn:HBoBTopk1QGz53sWIGvn
                                                                      MD5:CADBCF6F5A0199ECC0220CE23A860D89
                                                                      SHA1:073C149D68916520AEA882E588AB9A5AE083D75A
                                                                      SHA-256:42EF18C42FE06709F3C86157E2270358F3C93D14BE2E173B8FAE8EDCEFDDFCA0
                                                                      SHA-512:CEBB128BDC04E6B29DF74BEDCC375A340AC037563D828AF3455DE41F31D2E464F82F85C97CA9910A4A7C819EFA906AA4A4560174F184CEE316F53E3D2B5CDCCC
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      • Antivirus: Virustotal, Detection: 1%, Browse
                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......|.J.8.$.8.$.8.$...'.5.$...!.$.. .).$..'./.$..!.r.$... .!.$...".9.$...%...$.8.%.$...-.R.$...$.9.$.....9.$.8...9.$...&.9.$.Rich8.$.........................PE..L...R+Jd.........."!...#.<...........W.......P...............................0......5R....@..........................W..d....a..,.......................@=...... h......p..............................@............P..l............................text....:.......<.................. ..`.rdata..:,...P.......@..............@..@.data... %...........n..............@....rsrc................~..............@..@.reloc.. h.......j..................@..B........................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):601920
                                                                      Entropy (8bit):6.469032452979565
                                                                      Encrypted:false
                                                                      SSDEEP:12288:g+zdBoU6TPAjp66Ulgc2zGz5gCxOWIGvn:HBoBTopk1QGz53sWIGvn
                                                                      MD5:CADBCF6F5A0199ECC0220CE23A860D89
                                                                      SHA1:073C149D68916520AEA882E588AB9A5AE083D75A
                                                                      SHA-256:42EF18C42FE06709F3C86157E2270358F3C93D14BE2E173B8FAE8EDCEFDDFCA0
                                                                      SHA-512:CEBB128BDC04E6B29DF74BEDCC375A340AC037563D828AF3455DE41F31D2E464F82F85C97CA9910A4A7C819EFA906AA4A4560174F184CEE316F53E3D2B5CDCCC
                                                                      Malicious:true
                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......|.J.8.$.8.$.8.$...'.5.$...!.$.. .).$..'./.$..!.r.$... .!.$...".9.$...%...$.8.%.$...-.R.$...$.9.$.....9.$.8...9.$...&.9.$.Rich8.$.........................PE..L...R+Jd.........."!...#.<...........W.......P...............................0......5R....@..........................W..d....a..,.......................@=...... h......p..............................@............P..l............................text....:.......<.................. ..`.rdata..:,...P.......@..............@..@.data... %...........n..............@....rsrc................~..............@..@.reloc.. h.......j..................@..B........................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):1113920
                                                                      Entropy (8bit):6.482155702273381
                                                                      Encrypted:false
                                                                      SSDEEP:24576:Yrm9OQ7RASiBuE1XmbP5DHLr/yseWq516Jr6+GnzeyD3wUMRAg4Jj:N9bY2bP5DHLr/yDWq516Jr6+GnzeyD3L
                                                                      MD5:F944125EF94DBF5D539B22C8D7D6F233
                                                                      SHA1:A1CD91E26E860205CF7BCAF4BABDEDB0D357948F
                                                                      SHA-256:A80F16A0B25361E40D60582C41812608DF79B8F0EA6D739DC5055C153B67BC87
                                                                      SHA-512:9BF281D1BE823C83458DB6D6DE36CF733863B4630A825A9F05AC2ADBF917BB220752101E232FE876C7F663A9741D8E36F583955202827D345B5E0D610A8381DD
                                                                      Malicious:true
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}.2;..a;..a;..a.n.`6..a.n.`...a.`.`*..a.`.`,..a.`.`h..a.n.`"..a.n.`$..a;..a...a.a.`...a.a.`:..a.aEa:..a;.-a:..a.a.`:..aRich;..a........................PE..L...7,Jd.........."!...#.L...........R.......`.......................................L....@............................t...d...........................@=......0=..h...p...............................@............`..4............................text....K.......L.................. ..`.rdata..*Q...`...R...P..............@..@.data...@...........................@....rsrc................~..............@..@.reloc..0=.......>..................@..B................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):601920
                                                                      Entropy (8bit):6.469032452979565
                                                                      Encrypted:false
                                                                      SSDEEP:12288:g+zdBoU6TPAjp66Ulgc2zGz5gCxOWIGvn:HBoBTopk1QGz53sWIGvn
                                                                      MD5:CADBCF6F5A0199ECC0220CE23A860D89
                                                                      SHA1:073C149D68916520AEA882E588AB9A5AE083D75A
                                                                      SHA-256:42EF18C42FE06709F3C86157E2270358F3C93D14BE2E173B8FAE8EDCEFDDFCA0
                                                                      SHA-512:CEBB128BDC04E6B29DF74BEDCC375A340AC037563D828AF3455DE41F31D2E464F82F85C97CA9910A4A7C819EFA906AA4A4560174F184CEE316F53E3D2B5CDCCC
                                                                      Malicious:true
                                                                      Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......|.J.8.$.8.$.8.$...'.5.$...!.$.. .).$..'./.$..!.r.$... .!.$...".9.$...%...$.8.%.$...-.R.$...$.9.$.....9.$.8...9.$...&.9.$.Rich8.$.........................PE..L...R+Jd.........."!...#.<...........W.......P...............................0......5R....@..........................W..d....a..,.......................@=...... h......p..............................@............P..l............................text....:.......<.................. ..`.rdata..:,...P.......@..............@..@.data... %...........n..............@....rsrc................~..............@..@.reloc.. h.......j..................@..B........................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):662811
                                                                      Entropy (8bit):6.596324745269644
                                                                      Encrypted:false
                                                                      SSDEEP:12288:73gXL0HoaNpc+DlaAFLPoWbVZLPyoYNNQIw7/CcX8wy4MAj5lOmt7:UXLocG1Pb5ZLPyoYNNQIY/TMwyNAj5bJ
                                                                      MD5:8DFE2FE0494F9A4E3086489D0C84416C
                                                                      SHA1:8070CD6E782295C47E640816F24CFC8AD4DF65CB
                                                                      SHA-256:794C485F096E21FF50D0FE249BD28D5A185AA0AF246931270D84297C1A0EBE77
                                                                      SHA-512:4F34B270DD018B6DB4CDFC0B55F6FEF99C24851DAF7EE7317A58BFEFF27E99FD538427CBD2A840C6DB79DCC6AC298E0C5BEA1BEBE40162C65D95F27212D46D8E
                                                                      Malicious:false
                                                                      Preview:...@IXOS.@.....@.[.X.@.....@.....@.....@.....@.....@......&.{9A1B43B3-227E-4D64-A597-45408F02A66B}..Carregando.....25690.01808D.msi.@.....@.....@.....@........&.{DC25F973-C1ED-46DD-B97E-0ADBDABAB8E6}.....@.....@.....@.....@.......@.....@.....@.......@......Carregando.........Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]...@.......@........ProcessComponents%.Atualizando o registro de componentes...@.....@.....@.]....&.{32C7A1E8-B69E-4765-89A7-6E618A2A0D00} .C:\Users\user\AppData\Roaming\.@.......@.....@.....@......&.{B223AD11-1079-4AE7-A31C-9CCE0B165CC0}I.01:\Software\{3F4C8711-6762-44A7-9120-0DFF35FE6004}\Carregando...\Version.@.......@.....@.....@......&.{9DFCACDB-1C88-4329-99DF-B6E3309B367F}).C:\ProgramData\BlueStacksXL\BLauncher.dll.@.......@.....@.....@......&.{F5E8BF7D-1C5F-4A71-BDB1-C087D9E57ABB}..C:\ProgramData\BlueStacksXL\d3dcompiler_47.dll.@.......@.....@.....@......&.{BC1D1A31-6D93-4831-AFC3-A161F1A1FD34}(.C
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):653120
                                                                      Entropy (8bit):6.581534725195107
                                                                      Encrypted:false
                                                                      SSDEEP:12288:H3gXL0HoaNpc+DlaAFLPoWbVZLPyoYNNQIw7/CcX8wy4MAj5lOmt3:wXLocG1Pb5ZLPyoYNNQIY/TMwyNAj5b9
                                                                      MD5:F08DA2F2D82F838716C63DA5D0104E13
                                                                      SHA1:C59924CC4358E839C0F81456995A436F10487D24
                                                                      SHA-256:CA1031830CA5BA15278CB078B17D8754A6BED4BE4456CA06AF347F58CBDED75D
                                                                      SHA-512:F2A836F863092DB99217CEBB93E18A6AB215505E053C8D11A33B75627012D53599D6D7D2E9216000171211D6734F231397552D7F16A020CCCA7272BFB321DF5C
                                                                      Malicious:true
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7...VfM.VfM.VfM.$eL.VfM.$cLnVfM.$bL.VfM}*bL.VfM}*eL.VfM}*cL.VfM.$gL.VfM.VgM.WfM.+oL.VfM.+fL.VfM.+.M.VfM.V.M.VfM.+dL.VfMRich.VfM........................PE..L....+Jd.........."!...#.J..........z........`............................................@.........................p<.......=..........................@=......D[...s..p...................@t.......r..@............`...............................text...XH.......J.................. ..`.rdata.......`.......N..............@..@.data........P.......<..............@....rsrc................X..............@..@.reloc..D[.......\...^..............@..B................................................................................................................................................................................................................................................................................
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                      Category:dropped
                                                                      Size (bytes):20480
                                                                      Entropy (8bit):1.1656744340005596
                                                                      Encrypted:false
                                                                      SSDEEP:12:JSbX72Fj+3iAGiLIlHVRpLh/7777777777777777777777777vDHF7iTeR0l0i8Q:JFQI5P5vF
                                                                      MD5:409DD4FAC18F8C83624D8624A383964C
                                                                      SHA1:2325C74860602A7F07F5188F4E6274272E1F8344
                                                                      SHA-256:161F142596F584379DE9A949D7C57AABE8F072B3EF459E9D32347548A86B9C04
                                                                      SHA-512:CA296F267BEFF9145F8D029F7F79E908E160872E60F163AEA26B6A6CA0874188B0925C47A711DD813F0C465A518D3F383BD972D86DF6A7C116D3E8EE2CF06EE9
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                      Category:dropped
                                                                      Size (bytes):20480
                                                                      Entropy (8bit):1.4994142460537594
                                                                      Encrypted:false
                                                                      SSDEEP:48:F8Phj7uRc06WXJSnT5veSnAErCyprSjTHj:ohj71JnTBeBwCW6j
                                                                      MD5:545E24C30C98F2DE42E82816DA55F6CF
                                                                      SHA1:95EAEF1AC251CBA67B68DD5405435198E8ACF271
                                                                      SHA-256:6A10A3281973F5FF264CFD33566C2B12F92F5A9DEEFD1E3C757D1928AEDB3451
                                                                      SHA-512:B57704A97973845D0B4FB79A97641CD484749B5B265391B553426660BC42E5DBC16939A8F85A817C507E154C0DA0DDA55E5152D8CC46B380828E8308D44880FC
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):364484
                                                                      Entropy (8bit):5.365491642760846
                                                                      Encrypted:false
                                                                      SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauZ:zTtbmkExhMJCIpEm
                                                                      MD5:6B83BCC94DC61F39FC0EF757BA92E58A
                                                                      SHA1:DA3B5D0F893EB483618E73E4A38E9719BFA6291F
                                                                      SHA-256:103DE2FD89432DB9F768ECC8D96F3299B743F8E5FA50F75F81DD9CE0247F50DD
                                                                      SHA-512:E042002E46163BED7F764D14ED67FDD38C9881D5ADE13BE296991E96E7521FF1B11D2AB21A1A6553D84662CF39F8183686231EC0D981C5DA21230D6881EA8522
                                                                      Malicious:false
                                                                      Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                      Category:dropped
                                                                      Size (bytes):32768
                                                                      Entropy (8bit):1.2063358427399726
                                                                      Encrypted:false
                                                                      SSDEEP:48:jtar7upM+CFXJBT5JeSnAErCyprSjTHj:j8r7XZT/eBwCW6j
                                                                      MD5:223C30BE90EF0DC693756C2C274A52AA
                                                                      SHA1:076F42E55B26DB0A444A3960122E231FB41BE7EB
                                                                      SHA-256:B41BB89DE664F24DAA74A9166038F336117F18BC2F42BA10D8D24FCF1C5F4B6A
                                                                      SHA-512:278D3F2AC8E710C6DAC149E2F6EE3AD983C33094F3EE7C0EC7A71BE4364649AB91181ED0688AEDB924ED9F88429ED030E9221215236FA624BC8E2CBCFC166DE2
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):512
                                                                      Entropy (8bit):0.0
                                                                      Encrypted:false
                                                                      SSDEEP:3::
                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):512
                                                                      Entropy (8bit):0.0
                                                                      Encrypted:false
                                                                      SSDEEP:3::
                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):73728
                                                                      Entropy (8bit):0.11239145392696759
                                                                      Encrypted:false
                                                                      SSDEEP:24:dsjbLKTx0wipV0a0wipV0SAEV0yjCypVQwGzn+H:ijaT9S7SnAErCypA
                                                                      MD5:70B3D67976332A6C8A1B8A01A577FF17
                                                                      SHA1:C5A92CB544F27BDC4B5D99190F8CCFE14C77460D
                                                                      SHA-256:A317C3758EB360B9AA3FDF9898A0661FE05CF2D8C5D56D65BD14A8579BD78BF7
                                                                      SHA-512:460010104207E72B3729D876CFFCE4D8AEFA0D92E4A087B73EFB9F38ACEF205A7DCABA940BB0D7325DA10F1E2B9E11026F28DE9B006B4B4CF7745D3606FE0AD7
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                      Category:dropped
                                                                      Size (bytes):20480
                                                                      Entropy (8bit):1.4994142460537594
                                                                      Encrypted:false
                                                                      SSDEEP:48:F8Phj7uRc06WXJSnT5veSnAErCyprSjTHj:ohj71JnTBeBwCW6j
                                                                      MD5:545E24C30C98F2DE42E82816DA55F6CF
                                                                      SHA1:95EAEF1AC251CBA67B68DD5405435198E8ACF271
                                                                      SHA-256:6A10A3281973F5FF264CFD33566C2B12F92F5A9DEEFD1E3C757D1928AEDB3451
                                                                      SHA-512:B57704A97973845D0B4FB79A97641CD484749B5B265391B553426660BC42E5DBC16939A8F85A817C507E154C0DA0DDA55E5152D8CC46B380828E8308D44880FC
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):512
                                                                      Entropy (8bit):0.0
                                                                      Encrypted:false
                                                                      SSDEEP:3::
                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):32768
                                                                      Entropy (8bit):0.07294692120954602
                                                                      Encrypted:false
                                                                      SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO3LiTvyNpXGYtIVky6l0:2F0i8n0itFzDHF7iTeR0
                                                                      MD5:3C7E35FEAB11F094CE20CB7C90291882
                                                                      SHA1:EAF2CF3135C39A1AFF812B40FFA6ABC30FE28D4A
                                                                      SHA-256:5ECF817AB8D3B88611BAC22F0AB3772F02C4CF8B016DB3FA288C483F1AFD40D9
                                                                      SHA-512:FCA485CAF47F832C7A3D806C953AB77D48EA9F05128D800266FBF6239C32AE8AF5FDBE6BA357F3C727D752C20D7CBE220136D054C8AAC546A79910462E42644F
                                                                      Malicious:false
                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                      Category:dropped
                                                                      Size (bytes):32768
                                                                      Entropy (8bit):1.2063358427399726
                                                                      Encrypted:false
                                                                      SSDEEP:48:jtar7upM+CFXJBT5JeSnAErCyprSjTHj:j8r7XZT/eBwCW6j
                                                                      MD5:223C30BE90EF0DC693756C2C274A52AA
                                                                      SHA1:076F42E55B26DB0A444A3960122E231FB41BE7EB
                                                                      SHA-256:B41BB89DE664F24DAA74A9166038F336117F18BC2F42BA10D8D24FCF1C5F4B6A
                                                                      SHA-512:278D3F2AC8E710C6DAC149E2F6EE3AD983C33094F3EE7C0EC7A71BE4364649AB91181ED0688AEDB924ED9F88429ED030E9221215236FA624BC8E2CBCFC166DE2
                                                                      Malicious:false
                                                                      File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {DC25F973-C1ED-46DD-B97E-0ADBDABAB8E6}, Number of Words: 10, Subject: Carregando..., Author: {3F4C8711-6762-44A7-9120-0DFF35FE6004}, Name of Creating Application: Carregando..., Template: ;1046, Comments: Carregando..., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Apr 2 21:21:52 2024, Number of Pages: 200
                                                                      Entropy (8bit):7.94764269927865
                                                                      TrID:
                                                                      • Windows SDK Setup Transform Script (63028/2) 47.91%
                                                                      • Microsoft Windows Installer (60509/1) 46.00%
                                                                      • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                                                      File name:25690.01808D.msi
                                                                      File size:29'327'872 bytes
                                                                      MD5:2b0155bffc9d2c3b1607557e50843049
                                                                      SHA1:02678061f63f0bb0bb8155f8b54a13c9fe39cf0e
                                                                      SHA256:70492103fe59217c37a64ab3bbf7d53498822d6b167f8fe1c5dbcd250a115f51
                                                                      SHA512:345bfcdf855a8365e75fe2479588f021c08ffffd8a90335582d4bf81d8630822b667af4949c9e37351b8eedab906a74d17fb385126d1de38bcd5e3c45841ea27
                                                                      SSDEEP:786432:b/5E6qrb9HIAdwKfLFbdhbUqZUyrOKLF+hS4PU5+:beFIAOoPhAwrOFZPUU
                                                                      TLSH:C5572321F99BC536FB3E51769474EF6A507ABEE2073180D763E83AA94DB08C15271E03
                                                                      Icon Hash:2d2e3797b32b2b99
                                                                      No network behavior found


                                                                      Target ID:0
                                                                      Start time:11:23:57
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\25690.01808D.msi"
                                                                      Imagebase:0x7ff7807e0000
                                                                      File size:69'632 bytes
                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:1
                                                                      Start time:11:23:57
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\msiexec.exe /V
                                                                      Imagebase:0x7ff7807e0000
                                                                      File size:69'632 bytes
                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:false

                                                                      Target ID:3
                                                                      Start time:11:23:58
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\SysWOW64\msiexec.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 7AEE77A2D687777A7B17D9BDC9CFF799
                                                                      Imagebase:0xf40000
                                                                      File size:59'904 bytes
                                                                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:4
                                                                      Start time:11:24:02
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline: -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss6AFB.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi6AF7.txt" -scriptFile "C:\Users\user\AppData\Local\Temp\scr6AF8.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr6AF9.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
                                                                      Imagebase:0x760000
                                                                      File size:433'152 bytes
                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:5
                                                                      Start time:11:24:02
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6d64d0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:6
                                                                      Start time:11:24:03
                                                                      Start date:10/04/2024
                                                                      Path:C:\ProgramData\BlueStacksXL\Vo8hgf.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\ProgramData\BlueStacksXL\Vo8hgf.exe"
                                                                      Imagebase:0x910000
                                                                      File size:824'696 bytes
                                                                      MD5 hash:FB8B69DA795B160D022AA663B17B2AD7
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Antivirus matches:
                                                                      • Detection: 0%, ReversingLabs
                                                                      • Detection: 0%, Virustotal, Browse
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      Target ID:7
                                                                      Start time:11:24:03
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\SysWOW64\tasklist.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:tasklist /FI "IMAGENAME eq gbpsv.exe"
                                                                      Imagebase:0x5f0000
                                                                      File size:79'360 bytes
                                                                      MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      Target ID:8
                                                                      Start time:11:24:03
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6d64d0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:9
                                                                      Start time:11:24:03
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\SysWOW64\tasklist.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:tasklist /FI "IMAGENAME eq core.exe"
                                                                      Imagebase:0x5f0000
                                                                      File size:79'360 bytes
                                                                      MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      Target ID:10
                                                                      Start time:11:24:03
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6d64d0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:11
                                                                      Start time:11:24:03
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\SysWOW64\tasklist.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:tasklist /FI "IMAGENAME eq RapportService.exe"
                                                                      Imagebase:0x5f0000
                                                                      File size:79'360 bytes
                                                                      MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      Target ID:12
                                                                      Start time:11:24:03
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6d64d0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:13
                                                                      Start time:11:24:04
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\SysWOW64\tasklist.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:tasklist /FI "IMAGENAME eq RapportMgmtService.exe"
                                                                      Imagebase:0x5f0000
                                                                      File size:79'360 bytes
                                                                      MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      Target ID:14
                                                                      Start time:11:24:04
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6d64d0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:15
                                                                      Start time:11:24:04
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\SysWOW64\tasklist.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:tasklist /FI "IMAGENAME eq scpbradguard.exe"
                                                                      Imagebase:0x5f0000
                                                                      File size:79'360 bytes
                                                                      MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Target ID:16
                                                                      Start time:11:24:04
                                                                      Start date:10/04/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6d64d0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.2178844567.0000000004700000.00000040.00000800.00020000.00000000.sdmp, Offset: 04700000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_4700000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (Xbq$LR]q$co:n^
                                                                        • API String ID: 0-525454743
                                                                        • Opcode ID: abad4fc87f412d3f37fb6599d56e0a8d6a0419732487199cf1933f4c269f8abe
                                                                        • Instruction ID: c7756dd13bd29967cd6b2628d831cc263ca3b86e853077996e8bc748c6bee0a9
                                                                        • Opcode Fuzzy Hash: abad4fc87f412d3f37fb6599d56e0a8d6a0419732487199cf1933f4c269f8abe
                                                                        • Instruction Fuzzy Hash: 38827D70B01218CFDB14DB68D890BADBBB2BF89304F1580A9E9499B395DB35ED42CF51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.2178844567.0000000004700000.00000040.00000800.00020000.00000000.sdmp, Offset: 04700000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_4700000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (Xbq$LR]q
                                                                        • API String ID: 0-655927778
                                                                        • Opcode ID: 1163c38922872311f892e8d58f8d416af09e12c3e58943ab3f83151408c1cc0f
                                                                        • Instruction ID: 4ede9dd7941b153f018ec6ff5e742d39714a2d18f2b7cec9b70b08f787c3fa4c
                                                                        • Opcode Fuzzy Hash: 1163c38922872311f892e8d58f8d416af09e12c3e58943ab3f83151408c1cc0f
                                                                        • Instruction Fuzzy Hash: B4515971A01218CFDB24CF68D850B9EBBB6FF89304F1180A9E5069B395DB75AD42CF91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.2178844567.0000000004700000.00000040.00000800.00020000.00000000.sdmp, Offset: 04700000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_4700000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9b1bc1076bdcff4b88b2f2716ec7fd11018be2ee7613cb4a5360c5bd0696911f
                                                                        • Instruction ID: 401ca95d0c5d8789cc484288f5d7025a8662d37a6f3c3e2e90f1420bdc005de5
                                                                        • Opcode Fuzzy Hash: 9b1bc1076bdcff4b88b2f2716ec7fd11018be2ee7613cb4a5360c5bd0696911f
                                                                        • Instruction Fuzzy Hash: B7A16B31A01208DFDB14EFA5D944A9DBBF6FF84350F128558E406AB3A9DB34ED49CB81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.2178844567.0000000004700000.00000040.00000800.00020000.00000000.sdmp, Offset: 04700000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_4700000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bb0bd06af4bcc02a28955dc3a4bce6e14686d5afa4f0fce3e0bf105ae6e0e35d
                                                                        • Instruction ID: b4f52d6b5095f33da6014b05d63a0bb55ad295e3a208b5bcce65ec28abb36b54
                                                                        • Opcode Fuzzy Hash: bb0bd06af4bcc02a28955dc3a4bce6e14686d5afa4f0fce3e0bf105ae6e0e35d
                                                                        • Instruction Fuzzy Hash: 50915870A01205DFCB06CF58C5949AABBF1FF49310B25869AD855EB3A6C735FC91CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.2178844567.0000000004700000.00000040.00000800.00020000.00000000.sdmp, Offset: 04700000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_4700000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9f7117a479bb44dcfac2682f114b72aa73893e807d59d5e6221309501b508ae9
                                                                        • Instruction ID: 1a5671d62743ad48a6dba23ab60d44016fbc5a71896ca4355db5a4f9b7258250
                                                                        • Opcode Fuzzy Hash: 9f7117a479bb44dcfac2682f114b72aa73893e807d59d5e6221309501b508ae9
                                                                        • Instruction Fuzzy Hash: 80719C70A01209CFCB14DF68D844A9EBBF6AF89314F15C96AE416DB391DB71EC46CB81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.2178844567.0000000004700000.00000040.00000800.00020000.00000000.sdmp, Offset: 04700000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_4700000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5d2a9a26d5f915ffd742a1ee754ad90b4b619c03b68548f87edb4cc8e6031bf3
                                                                        • Instruction ID: bd412350c59854628b0c6fb0f11a500f8c41640f5820beff6610f5023da5c778
                                                                        • Opcode Fuzzy Hash: 5d2a9a26d5f915ffd742a1ee754ad90b4b619c03b68548f87edb4cc8e6031bf3
                                                                        • Instruction Fuzzy Hash: F5713970A01208DFDB14EFB4D884AAEBBF6BF88344F158529D416AB394DB35AC46CB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.2178844567.0000000004700000.00000040.00000800.00020000.00000000.sdmp, Offset: 04700000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_4700000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 25178ad364d4b53990cb4d357c94e9f28864e9701cf9278e4497ff562846b6e8
                                                                        • Instruction ID: b7e54279a0a3e24188f5f8708de9d52826895854f20f4e092347cef1e68204cc
                                                                        • Opcode Fuzzy Hash: 25178ad364d4b53990cb4d357c94e9f28864e9701cf9278e4497ff562846b6e8
                                                                        • Instruction Fuzzy Hash: A3512770B02214CFEB259B78C854BAD77F6AF89248F1445A9E006DB3A4DF35AD42DF11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.2178844567.0000000004700000.00000040.00000800.00020000.00000000.sdmp, Offset: 04700000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_4700000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3dd187198a3c2508d143344fe068cd9662dd002427ea22b63f372ac5da460a1a
                                                                        • Instruction ID: d249cc269f145a34cc1ebbf87d86344a837036cf16841bf7cf7a53420b05db90
                                                                        • Opcode Fuzzy Hash: 3dd187198a3c2508d143344fe068cd9662dd002427ea22b63f372ac5da460a1a
                                                                        • Instruction Fuzzy Hash: C9419E75A41201DFDB18EF24C854AAE7BF6EF89754F198469E402EB3A0CF34AC42CB55
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Execution Graph

                                                                        Execution Coverage:1.1%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:4.7%
                                                                        Total number of Nodes:258
                                                                        Total number of Limit Nodes:17

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 400 146e070-146e084 GetProcessHeap HeapAlloc
                                                                        APIs
                                                                        • GetProcessHeap.KERNEL32(00000000,?,?,0146E7DE,?,014DDF44,00000000,?,0146EB4D,?,?,?,0146EC0F), ref: 0146E076
                                                                        • HeapAlloc.KERNEL32(00000000,00000000,?,?,0146E7DE,?,014DDF44,00000000,?,0146EB4D,?,?,?,0146EC0F), ref: 0146E07C
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Heap$AllocProcess
                                                                        • String ID:
                                                                        • API String ID: 1617791916-0
                                                                        • Opcode ID: 435e45154d706f2037fe94ef5886e555658c54d58e436f1e06bd42a98238434e
                                                                        • Instruction ID: 5b6fb343c11ec89801c60ae5f56615a39b80c79a2992c86cd4b2f494d1291579
                                                                        • Opcode Fuzzy Hash: 435e45154d706f2037fe94ef5886e555658c54d58e436f1e06bd42a98238434e
                                                                        • Instruction Fuzzy Hash: D7B0029158920926D45076E66C16B2A764C87A1A99F40199AAE08E65519866682001EB
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetLocaleInfoA.KERNEL32(?,?,?,00000004), ref: 0148EDA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: InfoLocale
                                                                        • String ID:
                                                                        • API String ID: 2299586839-0
                                                                        • Opcode ID: 891891c5438d2d7e6304fd1d3aa5995a502493d57c5de847f1cbc5d301f40b8d
                                                                        • Instruction ID: 934b497baa8374e5cd03c6e141dad99876c54bc24f1fba3e2d0d3e230f0dd329
                                                                        • Opcode Fuzzy Hash: 891891c5438d2d7e6304fd1d3aa5995a502493d57c5de847f1cbc5d301f40b8d
                                                                        • Instruction Fuzzy Hash: 4CD09762484108BDDA00AED91D029FFF3BC97D6200F50008AAF58E3350F5706F1A93E3
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetUserDefaultLCID.KERNEL32 ref: 0148F6B4
                                                                        • SetThreadLocale.KERNEL32(00000000), ref: 0148F6BA
                                                                        • GetSystemMetrics.USER32(0000002A), ref: 0148F6CE
                                                                        • GetSystemMetrics.USER32(0000004A), ref: 0148F6DE
                                                                        • GetThreadLocale.KERNEL32(0000004A,00000000), ref: 0148F70A
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: LocaleMetricsSystemThread$DefaultUser
                                                                        • String ID:
                                                                        • API String ID: 1166223755-0
                                                                        • Opcode ID: 4b978da251dd76d98c996f64a40748caac880a97f01dd6f15181c35b2f0e05de
                                                                        • Instruction ID: 7c19b23fa7075f0dd284f5a709ca01a037ebf93b2f4bb80f02a3dbe2800deb61
                                                                        • Opcode Fuzzy Hash: 4b978da251dd76d98c996f64a40748caac880a97f01dd6f15181c35b2f0e05de
                                                                        • Instruction Fuzzy Hash: 1701A7715222435AFB207FBBA901719398CAB77B48F08426BD908DA2B8EF7C44054716
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32(?,00000000,000000FF,00000002), ref: 0148354E
                                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,00000000,000000FF,00000002), ref: 01483555
                                                                        • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,000000FF,00000002), ref: 0148355B
                                                                        • CloseHandle.KERNEL32(?,00000000,?,00000000,?,00000000,000000FF,00000002), ref: 0148356C
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentHandleProcess$CloseDuplicate
                                                                        • String ID:
                                                                        • API String ID: 1410216518-0
                                                                        • Opcode ID: d22192b70bbe760c822f510d9acfcefab80dd1831f5c37cd56716d029f28971e
                                                                        • Instruction ID: 86db7af81ebd8ea51c504da08687cf5a9cb643b6eb45bf5fec1d8d15b3e0b153
                                                                        • Opcode Fuzzy Hash: d22192b70bbe760c822f510d9acfcefab80dd1831f5c37cd56716d029f28971e
                                                                        • Instruction Fuzzy Hash: EAE086D1A871563AD81039751C02FEA778C4B779B4F1402577510E72E1D965990181B6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetStartupInfoA.KERNEL32(014DD270), ref: 01472A9A
                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 01472AAA
                                                                        • GetCurrentProcessId.KERNEL32 ref: 01472B84
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentHandleInfoModuleProcessStartup
                                                                        • String ID:
                                                                        • API String ID: 4098904731-0
                                                                        • Opcode ID: 1dae98646c7f8584e1d1b95e176022ffe9fb8060569b5d1e7921bf29bf649edb
                                                                        • Instruction ID: f5b91cb04b631850883f2aaa9d57098bb2dea3592b7f7f568d30da3a19f7fd44
                                                                        • Opcode Fuzzy Hash: 1dae98646c7f8584e1d1b95e176022ffe9fb8060569b5d1e7921bf29bf649edb
                                                                        • Instruction Fuzzy Hash: AC213074B452469FDF21FFBAE850B6A37A9FB75744B14811BD5048B378EB709800C752
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetCurrentThreadId.KERNEL32 ref: 0147B57E
                                                                          • Part of subcall function 01462E70: GetSystemInfo.KERNEL32(?), ref: 01462E8A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentInfoSystemThread
                                                                        • String ID: 0f
                                                                        • API String ID: 1580349249-226299295
                                                                        • Opcode ID: 2643b1a792ac7f09a03c964e7eeb4740880a96f61df2b2435cd5abaae005894d
                                                                        • Instruction ID: 07e2db753abd2935a5655a49344c4179469322f88c37ae6b8f6fb505cd8a0b2e
                                                                        • Opcode Fuzzy Hash: 2643b1a792ac7f09a03c964e7eeb4740880a96f61df2b2435cd5abaae005894d
                                                                        • Instruction Fuzzy Hash: C101C8B46011028BDBD0BF69902434A3695F774348F90492FD518EF779EB76D8054BA6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • CreateProcessW.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,00000000,Function_00012580,?,01483680,00000000,Function_00012580), ref: 01483A49
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,00000000,Function_00012580,?,01483680,00000000,Function_00012580), ref: 01483A68
                                                                          • Part of subcall function 01472440: RaiseException.KERNEL32(E0465043,00000001,00000005,-000002F8,?,?,0146DC8B,00000000,00000000,000000CC,0146DCC7,000000CC,0146DD16,00000000,?,0146ECEB), ref: 01472494
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: CreateErrorExceptionLastProcessRaise
                                                                        • String ID:
                                                                        • API String ID: 3670319978-0
                                                                        • Opcode ID: 7d77e9c4c86ee180b17fb57038eacf4b0fce0af264c88d94c5a6680495ad0329
                                                                        • Instruction ID: d70ba916ffaead3608436450ee98d476f795c5d0459a80a4b6e61646313b0d02
                                                                        • Opcode Fuzzy Hash: 7d77e9c4c86ee180b17fb57038eacf4b0fce0af264c88d94c5a6680495ad0329
                                                                        • Instruction Fuzzy Hash: BEC1E334A00209DFDB10EF99C980B9EB7F5FF58604F1145AAE808AB361D774AE45DF51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        [Control-flow graph not preserved; first node 14703a0-14703bc; API calls shown in graph: CreateFileW, GetLastError]
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: CloseErrorHandleLast
                                                                        • String ID:
                                                                        • API String ID: 918212764-0
                                                                        • Opcode ID: 2c0e5678c8a21c6a652d489b5b20521db5e9dfe5258650de7188f26636b9d9ef
                                                                        • Instruction ID: 89235b3ca9317955f6a53872fc0af4ec819fc0c893ae404fe9d4178213797cbb
                                                                        • Opcode Fuzzy Hash: 2c0e5678c8a21c6a652d489b5b20521db5e9dfe5258650de7188f26636b9d9ef
                                                                        • Instruction Fuzzy Hash: AC614C75A0610A8FEB20DF5CC984BEB7BB1FB46314F248127E944EB365D374AD418BA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        [Control-flow graph not preserved; first node 1471870-14718a1; API calls shown in graph: GetCurrentThreadId, TlsGetValue]
                                                                        APIs
                                                                        • GetCurrentThreadId.KERNEL32 ref: 014718C4
                                                                        • TlsGetValue.KERNEL32(014BB000,?,?,?,?,01461823), ref: 01471987
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentThreadValue
                                                                        • String ID:
                                                                        • API String ID: 1644696904-0
                                                                        • Opcode ID: ce46bd4843868d7a4e5b0ae43b799804bb7f49bc1e1790f2c5b424c3a5e6b0a0
                                                                        • Instruction ID: 2eb449d45773fd8b86a84888ed5c4454cf53d7bb03b6edd276bc1ddfaba5e98c
                                                                        • Opcode Fuzzy Hash: ce46bd4843868d7a4e5b0ae43b799804bb7f49bc1e1790f2c5b424c3a5e6b0a0
                                                                        • Instruction Fuzzy Hash: 9331E4B150120A9FDB31AFBEE8953EABBA8FB14759F04062BD500D33B4D771950ACB52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 401 146e090-146e0a4 GetProcessHeap HeapFree
                                                                        APIs
                                                                        • GetProcessHeap.KERNEL32(00000000,?,?,0146E2CE,?,014DDF44,0146F2BB,?,?,014DCAA4,0146DBC5,?,?,014719D1), ref: 0146E096
                                                                        • HeapFree.KERNEL32(00000000,00000000,?,?,0146E2CE,?,014DDF44,0146F2BB,?,?,014DCAA4,0146DBC5,?,?,014719D1), ref: 0146E09C
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Heap$FreeProcess
                                                                        • String ID:
                                                                        • API String ID: 3859560861-0
                                                                        • Opcode ID: 54d910315cf6757d78e491c9b4cd36db28c131aecee9a60ea8068b0f3bc993a5
                                                                        • Instruction ID: d80ad70d8c7eefa07b246ea17f1cac14581d252666dd2f877518122d627656ec
                                                                        • Opcode Fuzzy Hash: 54d910315cf6757d78e491c9b4cd36db28c131aecee9a60ea8068b0f3bc993a5
                                                                        • Instruction Fuzzy Hash: 6DB002A159920926D45076E65C06B26764C87A1A99F40059AAE08E65519866682101FB
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 402: entry block 1470970-147097e; calls GetOEMCP
                                                                        APIs
                                                                        • GetOEMCP.KERNEL32(?,014DCE04,01470A75,014DCE04,01471B3C,01000000,01471BB2,?,0146F376,?,0147194B,?,?,?,?,01461823), ref: 014709F0
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6b59ad84937309c739fc554c40e1fd4e8658d19db4314041eb15190ddef2026c
                                                                        • Instruction ID: 791719122afcd85020d6f45dccdfeece3e40119a43d6c046f57c05dce5908d12
                                                                        • Opcode Fuzzy Hash: 6b59ad84937309c739fc554c40e1fd4e8658d19db4314041eb15190ddef2026c
                                                                        • Instruction Fuzzy Hash: 7C114CB96032518BEB24AF6CC8843A76B60FB63750F08866BE9049F3B9D774CD05C790
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 428: entry block 1469010-146901b; calls SysReAllocStringLen
                                                                        APIs
                                                                        • SysReAllocStringLen.OLEAUT32(00000000,00000000,00000000), ref: 0146903F
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: AllocString
                                                                        • String ID:
                                                                        • API String ID: 2525500382-0
                                                                        • Opcode ID: e3166d1f1caf7f409d454a7a2bdaeb6a8f7d5264f778d86502f261130fd08d24
                                                                        • Instruction ID: 25a26b9ae4e4ce9cc5802eb8f74701453eb666d6cb1b3ffe8df021180b38dd94
                                                                        • Opcode Fuzzy Hash: e3166d1f1caf7f409d454a7a2bdaeb6a8f7d5264f778d86502f261130fd08d24
                                                                        • Instruction Fuzzy Hash: 6701A7B17026354F9B20AA1EC984A6BBB8C9B61A4C70542579F449F369CAB1DC02C3E3
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 449: entry block 1472070-147207d; calls GetACP
                                                                        APIs
                                                                        • GetACP.KERNEL32(?,?,00000000,01472B58), ref: 0147210A
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2a3c570ac47139b651148da9dc380d4239ce1330a766b1952d206bcc76cec645
                                                                        • Instruction ID: 0f3f171364a8a6c998c2f9e76a29718703ced9fb3bc9d72be834985328196c02
                                                                        • Opcode Fuzzy Hash: 2a3c570ac47139b651148da9dc380d4239ce1330a766b1952d206bcc76cec645
                                                                        • Instruction Fuzzy Hash: 6F1115B5A022018FCB71DFECE48068677E6FB59698B10492FE544DB378E771A801CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 459: entry block 1469890-14698ad (call 1469a00); calls GetOEMCP
                                                                        APIs
                                                                        • GetOEMCP.KERNEL32(00000000,00000000,?,-00000020,01467E1C,00000000,01472580,-00000020,01467D20,?,?,00000000,-00000008,01468BC9,00000000,01472580), ref: 014698D0
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 65647b273109a3b1c7fa5eb797d014d807b1bb18a47838e599b37a2a73227a2f
                                                                        • Instruction ID: d4a25167f4cc3d798ce561074b756e1ea1eef04a68151df9ef4c36d078082feb
                                                                        • Opcode Fuzzy Hash: 65647b273109a3b1c7fa5eb797d014d807b1bb18a47838e599b37a2a73227a2f
                                                                        • Instruction Fuzzy Hash: 72F04435F1115ADF9F20EAAED5505AFB3ECABA579DB080057D808D7320DA70CE01D392
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetOEMCP.KERNEL32(?,014DCE04,01470A75,014DCE04,01471B3C,01000000,01471BB2,?,0146F376,?,0147194B,?,?,?,?,01461823), ref: 014709F0
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8b68230fb23583cd294af6e87f192dbaa84454a8ed6b1685842fb43f3a6d5277
                                                                        • Instruction ID: 855e2ba2443b6e42af0d12604f6eb54910cb469d89be53c0c31e8b02add1f972
                                                                        • Opcode Fuzzy Hash: 8b68230fb23583cd294af6e87f192dbaa84454a8ed6b1685842fb43f3a6d5277
                                                                        • Instruction Fuzzy Hash: 2DF05EB99122518BEF25AF18C5843E37B60FB52791F0886A7ED005F3A9D7B5C901C7E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetOEMCP.KERNEL32(?,014DCE04,01470A75,014DCE04,01471B3C,01000000,01471BB2,?,0146F376,?,0147194B,?,?,?,?,01461823), ref: 014709F0
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 75dc916371318ed9e0461c7fdcc1cc9f06b60c5a791833fd9ed746ba162d156d
                                                                        • Instruction ID: 26a1f451cac25778ae495b2cb11cd512087ca976422b06fc66a3eb3d3d18090c
                                                                        • Opcode Fuzzy Hash: 75dc916371318ed9e0461c7fdcc1cc9f06b60c5a791833fd9ed746ba162d156d
                                                                        • Instruction Fuzzy Hash: 56F0B4B950225187EF11AF18C4403E37B20FB52741F0886A7ED005F365D774C901C790
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetExitCodeProcess.KERNEL32(?,?), ref: 01483203
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: CodeExitProcess
                                                                        • String ID:
                                                                        • API String ID: 3861947596-0
                                                                        • Opcode ID: 2f0b63d6024a291163a68d51877317d30e411ee7c97e6280e2ba098c7670ac29
                                                                        • Instruction ID: 2d759f4dbf61e131b049115f331ec37ee94eebb68e03b21e1cce1579e35efe96
                                                                        • Opcode Fuzzy Hash: 2f0b63d6024a291163a68d51877317d30e411ee7c97e6280e2ba098c7670ac29
                                                                        • Instruction Fuzzy Hash: 2BE0C23210820AA2EF109E66EC82BB6B38CA706610F4805B39E0CC9153E575C500D572
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0148E621
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID:
                                                                        • API String ID: 2738559852-0
                                                                        • Opcode ID: 292973674a4522db33f362f0a3b9cc8ed6463b89638eb2b7ad6bb8bc2b3b4555
                                                                        • Instruction ID: 004d7e828bd66e73fe63c67ef7c47fb040892367ebdea22bb980ba5e8b53edbc
                                                                        • Opcode Fuzzy Hash: 292973674a4522db33f362f0a3b9cc8ed6463b89638eb2b7ad6bb8bc2b3b4555
                                                                        • Instruction Fuzzy Hash: B6D05B7194410CBAEA04E5999D42D7FF36CDB44654F500245BA18E71D0EA70AF104672
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                          • Part of subcall function 0148F620: GetCPInfo.KERNEL32(00000000,?), ref: 0148F62E
                                                                          • Part of subcall function 0148F6B0: GetUserDefaultLCID.KERNEL32 ref: 0148F6B4
                                                                          • Part of subcall function 0148F6B0: SetThreadLocale.KERNEL32(00000000), ref: 0148F6BA
                                                                          • Part of subcall function 0148F6B0: GetSystemMetrics.USER32(0000002A), ref: 0148F6CE
                                                                          • Part of subcall function 0148F6B0: GetSystemMetrics.USER32(0000004A), ref: 0148F6DE
                                                                          • Part of subcall function 0148F6B0: GetThreadLocale.KERNEL32(0000004A,00000000), ref: 0148F70A
                                                                        • GetUserDefaultLangID.KERNEL32 ref: 014900ED
                                                                          • Part of subcall function 0148F9C0: GetVersionExA.KERNEL32(00000094), ref: 0148F9E5
                                                                          • Part of subcall function 0148F9C0: GetModuleHandleA.KERNEL32(kernel32,00000094), ref: 0148FA3B
                                                                          • Part of subcall function 0148F9C0: GetProcAddress.KERNEL32(GetDiskFreeSpaceExA,kernel32), ref: 0148FA55
                                                                          • Part of subcall function 0148FAA0: GetWindowsDirectoryA.KERNEL32(00000000,00000104), ref: 0148FAC9
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: DefaultLocaleMetricsSystemThreadUser$AddressDirectoryHandleInfoLangModuleProcVersionWindows
                                                                        • String ID:
                                                                        • API String ID: 2776179434-0
                                                                        • Opcode ID: 35cd04dd0f78a5d19d88e83497c903e01accb2d5a84c768dd0ea4581f0e878fe
                                                                        • Instruction ID: b55269adb5f54a92b34196061fc4bde7b8253e0ddeb3841b7f9d1a4286b3b158
                                                                        • Opcode Fuzzy Hash: 35cd04dd0f78a5d19d88e83497c903e01accb2d5a84c768dd0ea4581f0e878fe
                                                                        • Instruction Fuzzy Hash: 14D0E9A19211175F8610BFFA509010E7954FF71158B40566FF504FB23CDF31854A9BE2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • TlsFree.KERNEL32(014BB000,?,014719DE,?,?,?,?,01461823), ref: 0146F784
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Free
                                                                        • String ID:
                                                                        • API String ID: 3978063606-0
                                                                        • Opcode ID: 3a50dc3e2dded1bc88d8db448e9492331471b593a17eb60ef9a4c2d76df6aae5
                                                                        • Instruction ID: d5e181dd90776869786c3dbac1443751f94a3f49ef1d6ae49a80a02689bdc5d7
                                                                        • Opcode Fuzzy Hash: 3a50dc3e2dded1bc88d8db448e9492331471b593a17eb60ef9a4c2d76df6aae5
                                                                        • Instruction Fuzzy Hash: 7BD05E301103088F8322DF5CE88041033AAFB077353400394EA78873F1C7727C158B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetSystemInfo.KERNEL32(?), ref: 01462E8A
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: InfoSystem
                                                                        • String ID:
                                                                        • API String ID: 31276548-0
                                                                        • Opcode ID: 8efc7391970b022910a365ba262efef7333c28aea73d281b115772297a0fd639
                                                                        • Instruction ID: 59c306923cf8b463590722333b87b4787afa581772df36e43ef19f081a9ce4e4
                                                                        • Opcode Fuzzy Hash: 8efc7391970b022910a365ba262efef7333c28aea73d281b115772297a0fd639
                                                                        • Instruction Fuzzy Hash: 7BD0C77190410E47CF00EBD1D9419DFF3FCDB6C208F600495D918A3200D535AF158BB2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreatePipe.KERNEL32(?,?,014C15D0,?,?,014835D0), ref: 014BA15C
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: CreatePipe
                                                                        • String ID:
                                                                        • API String ID: 2719314638-0
                                                                        • Opcode ID: 5b59fd78e13fd00a626dc8163387887344bdf7595b6339a9910e6171ee2c562e
                                                                        • Instruction ID: 38d3bae3a09b55c333718d7b7cfff0d6b99699cb7b3908561e91d0b6714734db
                                                                        • Opcode Fuzzy Hash: 5b59fd78e13fd00a626dc8163387887344bdf7595b6339a9910e6171ee2c562e
                                                                        • Instruction Fuzzy Hash: 9CB09291A292097B150826B66C06C37B68DC1E1EA4B08469E790AC3661FCA6AD2011FA
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetThreadLocale.KERNEL32(0148F751,0000004A,00000000), ref: 0148F610
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: LocaleThread
                                                                        • String ID:
                                                                        • API String ID: 635194068-0
                                                                        • Opcode ID: b161e8b8b03ade14d131a8a229601f6eeab28aa79e2b56986ac9a69d2c0be93b
                                                                        • Instruction ID: fb9ae0c6aebb4315b001022de7c5b49693645733b10c530a605198e1ecad1dcf
                                                                        • Opcode Fuzzy Hash: b161e8b8b03ade14d131a8a229601f6eeab28aa79e2b56986ac9a69d2c0be93b
                                                                        • Instruction Fuzzy Hash:
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • EnterCriticalSection.KERNEL32(014DED00), ref: 0148BC00
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalEnterSection
                                                                        • String ID:
                                                                        • API String ID: 1904992153-0
                                                                        • Opcode ID: 86dffd6584631fad15e1392d1370c148e30c97127aa07511dc64785e423cb74c
                                                                        • Instruction ID: cd9a07a202a1a44fe3e85546213dc18d6ffaa59c6d9e3682fab46e2e27480a96
                                                                        • Opcode Fuzzy Hash: 86dffd6584631fad15e1392d1370c148e30c97127aa07511dc64785e423cb74c
                                                                        • Instruction Fuzzy Hash: 8B11A330A0020E9FCB10EF9EC891A9EB7B8FB15714F1449AFDC25E7670DB716A548B81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateFileW.KERNEL32(00000000,00000008,00000007,00000000,00000003,02200000,00000000,00000000,Function_00012580,?,0148E740), ref: 0148E827
                                                                        • DeviceIoControl.KERNEL32(?,000900A8,00000000,00000000,?,00004000,?,00000000), ref: 0148E885
                                                                        • FindFirstFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000000,Function_00012580,?,0148E710,00000000,Function_00012580,?,0148E720,00000000,00000008,00000007), ref: 0148E9C2
                                                                        • FindClose.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,Function_00012580,?,0148E710,00000000,Function_00012580,?,0148E720,00000000,00000008), ref: 0148E9D2
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: FileFind$CloseControlCreateDeviceFirst
                                                                        • String ID:
                                                                        • API String ID: 1923776695-0
                                                                        • Opcode ID: b08f78a94cf8009e956c2fbac8c6e82116cd09254d0f19f78020552b39060d5a
                                                                        • Instruction ID: b392d2450d16143971bdd8a03eda5196ea5bee122b2aaf252fc61d5ef0bde7e6
                                                                        • Opcode Fuzzy Hash: b08f78a94cf8009e956c2fbac8c6e82116cd09254d0f19f78020552b39060d5a
                                                                        • Instruction Fuzzy Hash: 1C910630A0021A9FDB50EF59CC80BAEB7B5FB54704F0485AAD905BB3B0DB74AE41CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00956671
                                                                        • memset.VCRUNTIME140(?,00000000,00000003), ref: 00956697
                                                                        • memset.VCRUNTIME140(?,00000000,00000050), ref: 00956721
                                                                        • IsDebuggerPresent.KERNEL32 ref: 0095673D
                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0095675D
                                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 00956767
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$DebuggerFeatureProcessor
                                                                        • String ID:
                                                                        • API String ID: 1045392073-0
                                                                        • Opcode ID: b9493a3cbd78dd964466867f3608cbd662f83994c08825533b236aeec081d200
                                                                        • Instruction ID: 8c0fbe832a9464a29b25816db1e9f4ba6ab433128bd808705113c13dfd6e8df5
                                                                        • Opcode Fuzzy Hash: b9493a3cbd78dd964466867f3608cbd662f83994c08825533b236aeec081d200
                                                                        • Instruction Fuzzy Hash: 26313875D05318DBDB10DFA5D989BCCBBB8AF08305F1041AAE50DAB290EB715B889F45
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: A/P$AM/PM$AMPM$H$H$Illegal character in format string
                                                                        • API String ID: 0-332147144
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • FindResourceA.KERNEL32(?,?,?), ref: 01474860
                                                                        • LoadResource.KERNEL32(?,?,?,?,?,00000000,Function_00012580,?,01474800), ref: 01474924
                                                                        • SizeofResource.KERNEL32(?,?,?,?,?,?,?,00000000,Function_00012580,?,01474800), ref: 014749E8
                                                                        • LockResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,Function_00012580,?,01474800), ref: 014749F2
                                                                          • Part of subcall function 01467E90: GetOEMCP.KERNEL32(014DC744,0000D7B1,014DC744,014708A1,00000000,01472580,?,01470860,00000000,?,014710A5,?,?,01000000,01471C62), ref: 01467EAC
                                                                          • Part of subcall function 01468C00: GetOEMCP.KERNEL32(014C23C4,?,00000000,01467EF3,014DC744,0000D7B1,014DC744,014708A1,00000000,01472580,?,01470860,00000000,?,014710A5), ref: 01468C44
                                                                          • Part of subcall function 01468C00: GetOEMCP.KERNEL32(014C23C4,?,00000000,01467EF3,014DC744,0000D7B1,014DC744,014708A1,00000000,01472580,?,01470860,00000000,?,014710A5), ref: 01468C6C
                                                                          • Part of subcall function 01472440: RaiseException.KERNEL32(E0465043,00000001,00000005,-000002F8,?,?,0146DC8B,00000000,00000000,000000CC,0146DCC7,000000CC,0146DD16,00000000,?,0146ECEB), ref: 01472494
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$ExceptionFindLoadLockRaiseSizeof
                                                                        • String ID:
                                                                        • API String ID: 59981392-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetThreadLocale.KERNEL32(00000000,Function_00012580,?,0148F160), ref: 0148F1B9
                                                                        • GetLocaleInfoA.KERNEL32(00000000,0000100B,?,0000000B,00000000,Function_00012580,?,0148F160), ref: 0148F1CC
                                                                        • EnumCalendarInfoA.KERNEL32(Function_0002F040,00000000,00000000,00000004), ref: 0148F20F
                                                                        • EnumCalendarInfoA.KERNEL32(Function_0002F0D0,00000000,00000000,00000003), ref: 0148F21E
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Info$CalendarEnumLocale$Thread
                                                                        • String ID:
                                                                        • API String ID: 2758459488-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetThreadLocale.KERNEL32(00000000,Function_00012580,?,0148F160), ref: 0148F1B9
                                                                        • GetLocaleInfoA.KERNEL32(00000000,0000100B,?,0000000B,00000000,Function_00012580,?,0148F160), ref: 0148F1CC
                                                                        • EnumCalendarInfoA.KERNEL32(Function_0002F040,00000000,00000000,00000004), ref: 0148F20F
                                                                        • EnumCalendarInfoA.KERNEL32(Function_0002F0D0,00000000,00000000,00000003), ref: 0148F21E
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Info$CalendarEnumLocale$Thread
                                                                        • String ID:
                                                                        • API String ID: 2758459488-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?removeServer@QLocalServer@@SA_NABVQString@@@Z.QT5NETWORK(?), ref: 00916059
                                                                        • ?setSocketOptions@QLocalServer@@QAEXV?$QFlags@W4SocketOption@QLocalServer@@@@@Z.QT5NETWORK ref: 0091606A
                                                                        • ?listen@QLocalServer@@QAE_NABVQString@@@Z.QT5NETWORK(?), ref: 00916076
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Local$Server@@$SocketString@@@$?listen@?remove?setFlags@Option@Options@Server@Server@@@@@
                                                                        • String ID:
                                                                        • API String ID: 633950955-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Expected name argument at position %d$false$true
                                                                        • API String ID: 0-3026448425
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetLocaleInfoW.KERNEL32(?,?,00000000,00000000,00000000,Function_00012580,?,0148ECE0), ref: 0148ED27
                                                                        • GetLocaleInfoW.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000,Function_00012580,?,0148ECE0), ref: 0148ED49
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: InfoLocale
                                                                        • String ID:
                                                                        • API String ID: 2299586839-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetLocaleInfoW.KERNEL32(?,?,00000000,00000000,00000000,Function_00012580,?,0148ECE0), ref: 0148ED27
                                                                        • GetLocaleInfoW.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000,Function_00012580,?,0148ECE0), ref: 0148ED49
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: InfoLocale
                                                                        • String ID:
                                                                        • API String ID: 2299586839-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetLastError.KERNEL32(00000000,Function_00012580,?,014700A0), ref: 014700D8
                                                                        • FormatMessageW.KERNEL32(00001000,00000000,00000000,00000000,00000000,000000FF,00000000,00000000,Function_00012580,?,014700A0), ref: 01470114
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorFormatLastMessage
                                                                        • String ID:
                                                                        • API String ID: 3479602957-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • FindFirstFileExW.KERNEL32(?,?,00000000,00000000,00000000,?,?,0148EB4F,00000000,00000000,Function_00012580,?,0148EAC0), ref: 0148EC41
                                                                        • FindClose.KERNEL32(00000000,?,?,00000000,00000000,00000000,?,?,0148EB4F,00000000,00000000,Function_00012580,?,0148EAC0), ref: 0148EC4F

                                                                        APIs
                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0095649A

                                                                        APIs
                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_00046805,00956108), ref: 009567FE
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 46dfb02a0c6c8146c9631d31c29f604dd71b6b8f7fe633b504b7b9a6c608fe85
                                                                        • Instruction ID: a307d3f92507d8b734f3390ba6dd1755d7c9c57fc042323d968077eebcc71fa9
                                                                        • Opcode Fuzzy Hash: 46dfb02a0c6c8146c9631d31c29f604dd71b6b8f7fe633b504b7b9a6c608fe85
                                                                        • Instruction Fuzzy Hash: B412BFB8B442008FDB90DF2CE4A461A77E2BB98B90F50456EA458CFB7AD774DC019B85
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 962df0a9c04807f2d16ec86f7d02e316b611d5cd79465df1740e796168870739
                                                                        • Instruction ID: aec6fe97f6c6d2ae1b669d7ea4794aaca8d16b99ec1e5ea8ff57d0f3fb689fc9
                                                                        • Opcode Fuzzy Hash: 962df0a9c04807f2d16ec86f7d02e316b611d5cd79465df1740e796168870739
                                                                        • Instruction Fuzzy Hash: 42E1C071E002198BCF08CFA9D994AEDFBF6FF98314F18802AE515BB325D630A945CB55
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmpDownload File
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8e3d2deea596a0c30ddaf5654589f98c4cdabef63e1a54d9053b11c9110f7767
                                                                        • Instruction ID: c221057ff9835dffb880c85e66e5d7678046295e4a47a4d97047ca9c7a80dc07
                                                                        • Opcode Fuzzy Hash: 8e3d2deea596a0c30ddaf5654589f98c4cdabef63e1a54d9053b11c9110f7767
                                                                        • Instruction Fuzzy Hash: BBB18E32E04324DBDB54CF9EC9C01ADF3F1AE4822571985BADD95A3346D2306E15E7A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: malloc
                                                                        • String ID:
                                                                        • API String ID: 2803490479-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?instance@BLauncher@@SAPAV1@XZ.BLAUNCHER(?,00000006,EB0B5FE6,00000000,?,?), ref: 0091DD30
                                                                        • ?getAppConfigValue@BLauncher@@QAE?AVQVariant@@W4AppConfig@1@@Z.BLAUNCHER ref: 0091DD38
                                                                        • ?toString@QVariant@@QBE?AVQString@@XZ.QT5CORE(?), ref: 0091DD4B
                                                                        • ??4QString@@QAEAAV0@$$QAV0@@Z.QT5CORE(00000000), ref: 0091DD58
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091DD61
                                                                        • ??1QVariant@@QAE@XZ.QT5CORE ref: 0091DD6A
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(?,EB0B5FE6,00000000,?,?), ref: 0091DD86
                                                                        • ?instance@BLauncher@@SAPAV1@XZ.BLAUNCHER(?,00000027), ref: 0091DD99
                                                                        • ?getAppConfigValue@BLauncher@@QAE?AVQVariant@@W4AppConfig@1@@Z.BLAUNCHER ref: 0091DDA1
                                                                        • ?toString@QVariant@@QBE?AVQString@@XZ.QT5CORE(?), ref: 0091DDB1
                                                                        • ?writableLocation@QStandardPaths@@SA?AVQString@@W4StandardLocation@1@@Z.QT5CORE(?,0000000D), ref: 0091DDC3
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000), ref: 0091DDD4
                                                                        • ?fromUtf8@QString@@SA?AV1@PBDH@Z.QT5CORE(?,/../,000000FF), ref: 0091DDEC
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(00000000), ref: 0091DE03
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091DE08
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(0095870C), ref: 0091DE19
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(00000000), ref: 0091DE2A
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(000000FF), ref: 0091DE37
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(009763F8), ref: 0091DE4C
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091DE65
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091DE6E
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091DE77
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091DE80
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091DE89
                                                                        • ??1QVariant@@QAE@XZ.QT5CORE ref: 0091DE96
                                                                        • ??0QFile@@QAE@ABVQString@@@Z.QT5CORE(?), ref: 0091DEA3
                                                                        • ?open@QFile@@UAE_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z.QT5CORE ref: 0091DEC3
                                                                        • ?readAll@QIODevice@@QAE?AVQByteArray@@XZ.QT5CORE(?), ref: 0091DED8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: String@@$Variant@@$V0@@$Launcher@@$?append@V1@@$?get?instance@ConfigConfig@1@@File@@StandardString@Value@$?from?open@?read?writableAll@Array@@ByteDevice@@Device@@@@@Flag@Flags@Location@Location@1@@ModeOpenPaths@@String@@@Utf8@V0@$$
                                                                        • String ID: %$/../$cloud_app_url$game_name$package_name$type
                                                                        • API String ID: 4052337243-3274156771
                                                                        • Opcode ID: 8af3c7e04970c177f70ee40fd22bd7d10c4b64744030dd193aec9a40eca41a9c
                                                                        • Instruction ID: 647060737d31f80c52516d18f4db6cb236dfa4bba8f165154eb382c71d79a3f0
                                                                        • Opcode Fuzzy Hash: 8af3c7e04970c177f70ee40fd22bd7d10c4b64744030dd193aec9a40eca41a9c
                                                                        • Instruction Fuzzy Hash: 15F14E7181834DEFDF08DFA4ED58ADEBB78AF14306F108059E406A32A0EB715B49DB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??0QByteArray@@QAE@XZ.QT5CORE(EB0B5FE6,00000000,00000000), ref: 0091D8C0
                                                                        • ??0QByteArray@@QAE@XZ.QT5CORE ref: 0091D8C9
                                                                        • ??0QByteArray@@QAE@XZ.QT5CORE ref: 0091D8D2
                                                                        • ??0QByteArray@@QAE@XZ.QT5CORE ref: 0091D8DB
                                                                        • ??0QByteArray@@QAE@XZ.QT5CORE ref: 0091D8E4
                                                                        • ??0QByteArray@@QAE@XZ.QT5CORE ref: 0091D8ED
                                                                          • Part of subcall function 0091DCF0: ?instance@BLauncher@@SAPAV1@XZ.BLAUNCHER(?,00000006,EB0B5FE6,00000000,?,?), ref: 0091DD30
                                                                          • Part of subcall function 0091DCF0: ?getAppConfigValue@BLauncher@@QAE?AVQVariant@@W4AppConfig@1@@Z.BLAUNCHER ref: 0091DD38
                                                                          • Part of subcall function 0091DCF0: ?toString@QVariant@@QBE?AVQString@@XZ.QT5CORE(?), ref: 0091DD4B
                                                                          • Part of subcall function 0091DCF0: ??4QString@@QAEAAV0@$$QAV0@@Z.QT5CORE(00000000), ref: 0091DD58
                                                                          • Part of subcall function 0091DCF0: ??1QString@@QAE@XZ.QT5CORE ref: 0091DD61
                                                                          • Part of subcall function 0091DCF0: ??1QVariant@@QAE@XZ.QT5CORE ref: 0091DD6A
                                                                        • ?toLatin1@QString@@QGBE?AVQByteArray@@XZ.QT5CORE(?), ref: 0091D927
                                                                        • ?data@QByteArray@@QAEPADXZ.QT5CORE ref: 0091D933
                                                                        • ??1QByteArray@@QAE@XZ.QT5CORE ref: 0091D970
                                                                        • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(?,00000000,Function_00013D80,00000000,00000000,00000000,00000001,00000000,00975374,0000000C), ref: 0091D9EF
                                                                        • ??1Connection@QMetaObject@@QAE@XZ.QT5CORE ref: 0091D9FB
                                                                        • ?toLatin1@QString@@QGBE?AVQByteArray@@XZ.QT5CORE(?), ref: 0091DA08
                                                                        • ?data@QByteArray@@QAEPADXZ.QT5CORE ref: 0091DA14
                                                                        • ??1QByteArray@@QAE@XZ.QT5CORE(00000001), ref: 0091DAE4
                                                                        • ?isMaximized@QWidget@@QBE_NXZ.QT5WIDGETS ref: 0091DB18
                                                                        • ?isFullScreen@QWidget@@QBE_NXZ.QT5WIDGETS ref: 0091DB29
                                                                        • ?left@QRect@@QBEHXZ.QT5CORE ref: 0091DB40
                                                                        • ?top@QRect@@QBEHXZ.QT5CORE ref: 0091DB55
                                                                        • ?screenAt@QGuiApplication@@SAPAVQScreen@@ABVQPoint@@@Z.QT5GUI(009763AC), ref: 0091DB6E
                                                                        • ?primaryScreen@QGuiApplication@@SAPAVQScreen@@XZ.QT5GUI ref: 0091DB7D
                                                                        • ?screens@QGuiApplication@@SA?AV?$QList@PAVQScreen@@@@XZ.QT5GUI(?), ref: 0091DB8D
                                                                        • ?size@QListData@@QBEHXZ.QT5CORE ref: 0091DB98
                                                                        • ?screens@QGuiApplication@@SA?AV?$QList@PAVQScreen@@@@XZ.QT5GUI(?), ref: 0091DBB4
                                                                        • ?at@QListData@@QBEPAPAXH@Z.QT5CORE(00000000), ref: 0091DBC1
                                                                        • ?availableGeometry@QScreen@@QBE?AVQRect@@XZ.QT5GUI(?), ref: 0091DBDB
                                                                        • ?width@QRect@@QBEHXZ.QT5CORE ref: 0091DBE4
                                                                        • ?left@QRect@@QBEHXZ.QT5CORE ref: 0091DBEF
                                                                        • ?width@QWidget@@QBEHXZ.QT5WIDGETS ref: 0091DBF9
                                                                        • ?height@QRect@@QBEHXZ.QT5CORE ref: 0091DC09
                                                                        • ?top@QRect@@QBEHXZ.QT5CORE ref: 0091DC14
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS ref: 0091DC1E
                                                                        • ?move@QWidget@@QAEXABVQPoint@@@Z.QT5WIDGETS(009763AC), ref: 0091DC3C
                                                                        • ?winId@QWidget@@QBEIXZ.QT5WIDGETS(000000FF,00000000,00000000,00000000,00000000,00000003), ref: 0091DC56
                                                                        • SetWindowPos.USER32(00000000), ref: 0091DC5F
                                                                        • ?winId@QWidget@@QBEIXZ.QT5WIDGETS(000000FE,00000000,00000000,00000000,00000000,00000003), ref: 0091DC70
                                                                        • SetWindowPos.USER32(00000000), ref: 0091DC73
                                                                        • ?showNormal@QWidget@@QAEXXZ.QT5WIDGETS ref: 0091DC78
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091DC81
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091DC8A
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091DC93
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091DC9C
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091DCA5
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091DCAE
                                                                        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(list too long,00000000,00000001), ref: 0091DCD4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Similarity
                                                                        • API ID: Array@@Byte$String@@$Widget@@$Rect@@$Application@@$Object@@Screen@@Variant@@$?data@?height@?left@?screens@?top@?width@?winConnection@Data@@Latin1@Launcher@@ListList@MetaPoint@@@Screen@Screen@@@@Window$?at@?available?connect?get?instance@?move@?primary?screen?show?size@Base@ConfigConfig@1@@ConnectionFullGeometry@Impl@Maximized@Normal@ObjectPrivate@@Qt@@SlotString@Type@U3@@V0@$$V0@@Value@Xlength_error@std@@
                                                                        • String ID: list too long
                                                                        • API String ID: 3484870350-1124181908
                                                                        • Opcode ID: 927ffceb5c6f4eb9eb262c67db8a2a87f152922ed3459b460f59a7f73ad5b547
                                                                        • Instruction ID: ebc24d91df46e145a720b760f8a60b4eee26d1e65889b93d0ec1859fe890579e
                                                                        • Opcode Fuzzy Hash: 927ffceb5c6f4eb9eb262c67db8a2a87f152922ed3459b460f59a7f73ad5b547
                                                                        • Instruction Fuzzy Hash: 04D1AB71A04308DFDF18DFA4D848BEDBBB8FF44305F144159E44AAB2A1EB71AA45CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • SetDllDirectoryA.KERNEL32(./cef), ref: 0091E279
                                                                        • ?setAttribute@QCoreApplication@@SAXW4ApplicationAttribute@Qt@@_N@Z.QT5CORE(00000014,00000001), ref: 0091E289
                                                                        • ?setAttribute@QCoreApplication@@SAXW4ApplicationAttribute@Qt@@_N@Z.QT5CORE(00000012,00000001), ref: 0091E28F
                                                                        • ?setHighDpiScaleFactorRoundingPolicy@QGuiApplication@@SAXW4HighDpiScaleFactorRoundingPolicy@Qt@@@Z.QT5GUI(00000005), ref: 0091E293
                                                                        • ??0QApplication@@QAE@AAHPAPADH@Z.QT5WIDGETS(?,?,00050F08), ref: 0091E2A9
                                                                          • Part of subcall function 00916A00: GetModuleHandleW.KERNEL32(00000000,EB0B5FE6), ref: 00916A30
                                                                        • ?instance@BLauncher@@SAPAV1@XZ.BLAUNCHER(?,00000025), ref: 0091E2DB
                                                                        • ?getAppConfigValue@BLauncher@@QAE?AVQVariant@@W4AppConfig@1@@Z.BLAUNCHER ref: 0091E2DF
                                                                        • ?toString@QVariant@@QBE?AVQString@@XZ.QT5CORE(?), ref: 0091E2EF
                                                                        • ?toStdWString@QString@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ.QT5CORE(?), ref: 0091E2FF
                                                                        • CreateMutexW.KERNEL32(00000000,00000001,00000000), ref: 0091E312
                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0091E347
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091E36E
                                                                        • ??1QVariant@@QAE@XZ.QT5CORE ref: 0091E37D
                                                                        • GetLastError.KERNEL32 ref: 0091E38D
                                                                        • ?instance@BLauncher@@SAPAV1@XZ.BLAUNCHER(?,00000024), ref: 0091E3BC
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091E3E8
                                                                        • ??1QVariant@@QAE@XZ.QT5CORE ref: 0091E3F5
                                                                        • ?fromUtf8@QString@@SA?AV1@PBDH@Z.QT5CORE(?,00000005,000000FF), ref: 0091E404
                                                                        • ??1QApplication@@UAE@XZ.QT5WIDGETS ref: 0091E5FC
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Similarity
                                                                        • API ID: Application@@String@@$Attribute@Variant@@$?setLauncher@@$?instance@ApplicationCoreFactorHighPolicy@Qt@@_RoundingScaleString@$?from?getConfigConfig@1@@CreateDirectoryErrorHandleLastModuleMutexQt@@@U?$char_traits@_Utf8@V?$allocator@_V?$basic_string@_Value@W@2@@std@@W@std@@_invalid_parameter_noinfo_noreturn
                                                                        • String ID: ./cef
                                                                        • API String ID: 902210927-3058235366
                                                                        • Opcode ID: 7a550884197346c1916800309a603fd1355c6afb4cae05a31e49055e202e03cd
                                                                        • Instruction ID: 9442f6075f53f37d90b7e71ae88e79e4f284de4317bbcfed4117545f1ddd1fe4
                                                                        • Opcode Fuzzy Hash: 7a550884197346c1916800309a603fd1355c6afb4cae05a31e49055e202e03cd
                                                                        • Instruction Fuzzy Hash: 10C18B30E18348EFDF08DBB8DD49BDDBBB8AF48305F104059E916A3290EB755A48DB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(cefBrowser,0000000A,EB0B5FE6), ref: 0091776F
                                                                        • ?instance@Language@@SAPAV1@XZ.BLAUNCHER(?), ref: 00917782
                                                                        • ?getCurrentLD@Language@@QBE?AULanguageDetail@@XZ.BLAUNCHER ref: 0091778A
                                                                        • ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE(?), ref: 0091779A
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000), ref: 009177AB
                                                                        • ?fromUtf8@QString@@SA?AV1@PBDH@Z.QT5CORE(?,/www/offline_cef.html,000000FF), ref: 009177C3
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(00000000), ref: 009177D4
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009177E1
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(%1?location=%2&lang=%3,00000016), ref: 009177EE
                                                                        • ??0QChar@@QAE@UQLatin1Char@@@Z.QT5CORE(00000020), ref: 00917803
                                                                        • ?arg@QString@@QBE?AV1@ABV1@HVQChar@@@Z.QT5CORE(?,?,00000000), ref: 0091781C
                                                                        • ??0QChar@@QAE@UQLatin1Char@@@Z.QT5CORE(00000020), ref: 0091782E
                                                                        • ?arg@QString@@QBE?AV1@ABV1@HVQChar@@@Z.QT5CORE(?,?,00000000), ref: 00917840
                                                                        • ??0QChar@@QAE@UQLatin1Char@@@Z.QT5CORE(00000020), ref: 00917852
                                                                        • ?arg@QString@@QBE?AV1@ABV1@HVQChar@@@Z.QT5CORE(?,00000008,00000000), ref: 00917864
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00917869
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00917872
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091787B
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00917884
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091788D
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00917896
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091789F
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009178A8
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009178B1
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009178BA
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009178C3
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009178CC
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009178D5
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009178E2
                                                                        • ?toLatin1@QString@@QGBE?AVQByteArray@@XZ.QT5CORE(?), ref: 009178FE
                                                                        • ?data@QByteArray@@QAEPADXZ.QT5CORE ref: 0091790A
                                                                        • ??1QByteArray@@QAE@XZ.QT5CORE ref: 009179D5
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009179DE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Similarity
                                                                        • API ID: String@@$Char@@@$?arg@?fromArray@@ByteChar@@Latin1$ArrayAscii_helper@Data@Language@@Typed$?append@?application?data@?get?instance@Application@@CoreCurrentDetail@@LanguageLatin1@Path@Utf8@V0@@V1@@
                                                                        • String ID: $%1?location=%2&lang=%3$/www/offline_cef.html$cefBrowser
                                                                        • API String ID: 4282736937-2164658712
                                                                        • Opcode ID: 3b4f283a53a635a8d536bdb0dc810acf782941a1713aee6315d981f690adb258
                                                                        • Instruction ID: f7d18d46178c8524c316be7fb700b0608494a4b61d1f6960708445734d26ba81
                                                                        • Opcode Fuzzy Hash: 3b4f283a53a635a8d536bdb0dc810acf782941a1713aee6315d981f690adb258
                                                                        • Instruction Fuzzy Hash: D8918B70914349DFDF08DFA5DC58BDDBBB8BF09306F144198E402A32A0EB725A49DB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(cefBrowser,0000000A,EB0B5FE6), ref: 009181A3
                                                                        • ?instance@Language@@SAPAV1@XZ.BLAUNCHER(?), ref: 009181B3
                                                                        • ?getCurrentLD@Language@@QBE?AULanguageDetail@@XZ.BLAUNCHER ref: 009181BB
                                                                        • ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE(?), ref: 009181CB
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000), ref: 009181DC
                                                                        • ?fromUtf8@QString@@SA?AV1@PBDH@Z.QT5CORE(?,/www/offline_cef.html,000000FF), ref: 009181F4
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(00000000), ref: 00918205
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00918212
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(%1?location=%2&lang=%3,00000016), ref: 0091821F
                                                                        • ??0QChar@@QAE@UQLatin1Char@@@Z.QT5CORE(00000020), ref: 00918234
                                                                        • ?arg@QString@@QBE?AV1@ABV1@HVQChar@@@Z.QT5CORE(?,?,00000000), ref: 0091824D
                                                                        • ??0QChar@@QAE@UQLatin1Char@@@Z.QT5CORE(00000020), ref: 0091825F
                                                                        • ?arg@QString@@QBE?AV1@ABV1@HVQChar@@@Z.QT5CORE(?,?,00000000), ref: 00918271
                                                                        • ??0QChar@@QAE@UQLatin1Char@@@Z.QT5CORE(00000020), ref: 00918283
                                                                        • ?arg@QString@@QBE?AV1@ABV1@HVQChar@@@Z.QT5CORE(?,00000008,00000000), ref: 00918295
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091829A
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009182A3
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009182AC
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009182B5
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009182BE
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009182C7
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009182D0
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009182D9
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009182E2
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009182EB
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009182F4
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009182FD
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00918306
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00918313
                                                                        • ?toLatin1@QString@@QGBE?AVQByteArray@@XZ.QT5CORE(00000020), ref: 00918320
                                                                        • ?data@QByteArray@@QAEPADXZ.QT5CORE ref: 0091832C
                                                                        • ??1QByteArray@@QAE@XZ.QT5CORE ref: 009183C9
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009183D2
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Similarity
                                                                        • API ID: String@@$Char@@@$?arg@?fromArray@@ByteChar@@Latin1$ArrayAscii_helper@Data@Language@@Typed$?append@?application?data@?get?instance@Application@@CoreCurrentDetail@@LanguageLatin1@Path@Utf8@V0@@V1@@
                                                                        • String ID: $%1?location=%2&lang=%3$/www/offline_cef.html$cefBrowser
                                                                        • API String ID: 4282736937-2164658712
                                                                        • Opcode ID: 2a691a63393bc6959fb1841dfe9b1d197a9734c2c814a8ad93a2a56036b17a70
                                                                        • Instruction ID: 0172a26a37b5d7506bd08ad2cf6d380bc6cc846acd53ab98bec22731d36a7594
                                                                        • Opcode Fuzzy Hash: 2a691a63393bc6959fb1841dfe9b1d197a9734c2c814a8ad93a2a56036b17a70
                                                                        • Instruction Fuzzy Hash: 7C919D70914349DFDF08CFA5DC58BDEBBB8AF05306F144198E412A32A1EB715A49DB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                          • Part of subcall function 00955C76: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C8B
                                                                        • ??0QGridLayout@@QAE@PAVQWidget@@@Z.QT5WIDGETS(?,67781AD0), ref: 00918B5D
                                                                        • ?setContentsMargins@QLayout@@QAEXHHHH@Z.QT5WIDGETS(00000003,00000000,00000003,00000003), ref: 00918B87
                                                                          • Part of subcall function 00955C76: _callnewh.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C7E
                                                                          • Part of subcall function 00955C76: _CxxThrowException.VCRUNTIME140(?,0096D38C), ref: 009562DD
                                                                        • ??0QWidget@@QAE@PAV0@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(00957A35,00000000), ref: 00918BA6
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(background-color: #FFFFFF;,0000001A), ref: 00918BCD
                                                                        • ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00918BEA
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00918BFA
                                                                        • ?addWidget@QLayout@@QAEXPAVQWidget@@@Z.QT5WIDGETS(8DCCCCCC), ref: 00918C05
                                                                        • ??0QVBoxLayout@@QAE@PAVQWidget@@@Z.QT5WIDGETS(8DCCCCCC), ref: 00918C29
                                                                        • ?setContentsMargins@QLayout@@QAEXHHHH@Z.QT5WIDGETS(00000000,00000000,00000000,00000000), ref: 00918C4D
                                                                        • ??0QSpacerItem@@QAE@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS(00000028,00000014,00000001,00000007), ref: 00918C6F
                                                                        • ??0QSpacerItem@@QAE@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS(00000028,00000014,00000001,00000007), ref: 00918CA2
                                                                        • ??0QLabel@@QAE@PAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(00957A35,00000000), ref: 00918CD0
                                                                        • ?toLatin1@QString@@QGBE?AVQByteArray@@XZ.QT5CORE(00000000), ref: 00918CF6
                                                                        • ?data@QByteArray@@QAEPADXZ.QT5CORE ref: 00918D05
                                                                        • ?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z.QT5CORE(?,00000000,00000000,000000FF), ref: 00918D19
                                                                        • ?setText@QLabel@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00918D2A
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00918D33
                                                                        • ??1QByteArray@@QAE@XZ.QT5CORE ref: 00918D43
                                                                        • ?setAlignment@QLabel@@QAEXV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS(00000084), ref: 00918D57
                                                                        • ?setFixedHeight@QWidget@@QAEXH@Z.QT5WIDGETS(00000032), ref: 00918D67
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE( QLabel{ color: #000000; font-style: normal; font-weight: 400; font-size: 16px; line-height: 27px; background-color: transparent; } ,000000E0), ref: 00918D73
                                                                        • ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00918D90
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00918DA0
                                                                          • Part of subcall function 0091CFB0: ??0QLabel@@QAE@PAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(00918DC4,00000000,EB0B5FE6,68209160,00000000,00000000,009583DE,000000FF,?,00918DC4,00957A35), ref: 0091CFDE
                                                                          • Part of subcall function 0091CFB0: ??0QPixmap@@QAE@XZ.QT5GUI(?,00918DC4), ref: 0091D002
                                                                          • Part of subcall function 0091CFB0: _Mtx_init_in_situ.MSVCP140(0000002C,00000002,?,00918DC4), ref: 0091D00E
                                                                        • ?setAlignment@QLabel@@QAEXV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS(00957A35,00957A35), ref: 00918DDD
                                                                        • ?setFixedHeight@QWidget@@QAEXH@Z.QT5WIDGETS(0000004C), ref: 00918DE7
                                                                        • ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE(?), ref: 00918DED
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000), ref: 00918E01
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(0097634C), ref: 00918E16
                                                                          • Part of subcall function 0091D2F0: ?stop@QMovie@@QAEXXZ.QT5GUI(EB0B5FE6,00957A35,68209160,00000000,?,00000000,009584AE), ref: 0091D32E
                                                                          • Part of subcall function 0091D2F0: ?disconnectImpl@QObject@@CA_NPBV1@PAPAX01PBUQMetaObject@@@Z.QT5CORE(?,00000000,F0E9BC4D,?), ref: 0091D357
                                                                          • Part of subcall function 0091D2F0: ??0QByteArray@@QAE@XZ.QT5CORE(00000000,?,00000000,009584AE), ref: 0091D387
                                                                          • Part of subcall function 0091D2F0: ??0QMovie@@QAE@ABVQString@@ABVQByteArray@@PAVQObject@@@Z.QT5GUI(00918E28,00000000,F0E9BC4D,?,00000000,009584AE), ref: 0091D39F
                                                                          • Part of subcall function 0091D2F0: ??1QByteArray@@QAE@XZ.QT5CORE(?,00000000,009584AE), ref: 0091D3B8
                                                                          • Part of subcall function 0091D2F0: ??0QSize@@QAE@HH@Z.QT5CORE(0000004C,0000004C,?,00000000,009584AE), ref: 0091D3C5
                                                                          • Part of subcall function 0091D2F0: ?setScaledSize@QMovie@@QAEXABVQSize@@@Z.QT5GUI(?,?,00000000,009584AE), ref: 0091D3D2
                                                                          • Part of subcall function 0091D2F0: ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(00000000,?,00918E28,F0E9BC4D,0091D1E0,00000000,00000000,00000000), ref: 0091D428
                                                                          • Part of subcall function 0091D2F0: ??1Connection@QMetaObject@@QAE@XZ.QT5CORE ref: 0091D434
                                                                          • Part of subcall function 0091D2F0: ?start@QMovie@@QAEXXZ.QT5GUI ref: 0091D43D
                                                                        • ??1QString@@QAE@XZ.QT5CORE(00000000), ref: 00918E2B
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00918E3B
                                                                        • ?addWidget@QBoxLayout@@QAEXPAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS(F0E9BC4D,00000000,00000000), ref: 00918E5E
                                                                        • ?addWidget@QBoxLayout@@QAEXPAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS(8DFFFBDE,00000000,00000000), ref: 00918E69
                                                                        Strings
                                                                        • background-color: #FFFFFF;, xrefs: 00918BBE
                                                                        • QLabel{ color: #000000; font-style: normal; font-weight: 400; font-size: 16px; line-height: 27px; background-color: transparent; } , xrefs: 00918D6E
                                                                        Similarity
                                                                        • API ID: String@@$?set$Widget@@$Flags@Layout@@Qt@@@@@$Array@@Byte$Label@@Object@@$AlignmentFlag@MetaMovie@@Type@$?addString@@@Widget@Widget@@@Window$?fromAlignment@ArrayAscii_helper@Connection@ContentsData@FixedHeight@Impl@Item@@Margins@Object@@@Policy@Policy@@0@Sheet@SizeSpacerStyleTyped$?append@?application?connect?data@?disconnect?start@?stop@?tr@Application@@Base@ConnectionCoreExceptionGridLatin1@Mtx_init_in_situObjectPath@Pixmap@@Private@@Qt@@ScaledSize@Size@@Size@@@SlotText@ThrowU3@@V0@@V1@@_callnewhmalloc
                                                                        • String ID: QLabel{ color: #000000; font-style: normal; font-weight: 400; font-size: 16px; line-height: 27px; background-color: transparent; } $background-color: #FFFFFF;
                                                                        • API String ID: 3304168964-2668089273
                                                                        • Opcode ID: 068fd67239789976207b320b227563c7e63de9fb4c29a4834123a1109e7a2b01
                                                                        • Instruction ID: 29220eb0237e5423bc97efdbf45ce5c1951dbf25282cc29ae6179937e24a3ff5
                                                                        • Opcode Fuzzy Hash: 068fd67239789976207b320b227563c7e63de9fb4c29a4834123a1109e7a2b01
                                                                        • Instruction Fuzzy Hash: 56A19BB0A1030AEFDB14DF95CC49B9EBBB4FF48721F104218E525AB2E0DBB11A44DB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(BlueStacks,0000000A,EB0B5FE6,6820C3A0,6766F990), ref: 0091A6D1
                                                                        • ?setText@QLabel@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 0091A6E7
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A6F7
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE( QLabel{ color: #FFFFFF; font-style: normal; font-weight: bold; font-size: 18px; line-height: 27px; } ,000000B6), ref: 0091A707
                                                                        • ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 0091A71D
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A72D
                                                                        • ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE(?), ref: 0091A73D
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000), ref: 0091A74D
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(00976378), ref: 0091A768
                                                                        • ?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z.QT5CORE(?,Minimize,00000000,000000FF), ref: 0091A782
                                                                          • Part of subcall function 009198F0: ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24,00000000,EB0B5FE6,6766BF60,00976390,0097639C), ref: 0091991D
                                                                          • Part of subcall function 009198F0: ?setText@QAbstractButton@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00919939
                                                                          • Part of subcall function 009198F0: ??1QString@@QAE@XZ.QT5CORE ref: 00919949
                                                                          • Part of subcall function 009198F0: ?setFixedSize@QWidget@@QAEXHH@Z.QT5WIDGETS(00000028,00000028), ref: 00919955
                                                                          • Part of subcall function 009198F0: ??0QCursor@@QAE@W4CursorShape@Qt@@@Z.QT5GUI(0000000D), ref: 00919960
                                                                          • Part of subcall function 009198F0: ?setCursor@QWidget@@QAEXABVQCursor@@@Z.QT5WIDGETS(?), ref: 00919973
                                                                          • Part of subcall function 009198F0: ??1QCursor@@QAE@XZ.QT5GUI ref: 00919983
                                                                          • Part of subcall function 009198F0: ??0QSize@@QAE@HH@Z.QT5CORE(00000010,00000010), ref: 00919990
                                                                          • Part of subcall function 009198F0: ?setImageSize@ImageButton@@QAEXABVQSize@@@Z.UICONTROL(00000000), ref: 00919999
                                                                          • Part of subcall function 009198F0: ?setFocusPolicy@QWidget@@QAEXW4FocusPolicy@Qt@@@Z.QT5WIDGETS(00000000), ref: 009199A3
                                                                          • Part of subcall function 009198F0: ?setToolTip@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 009199AE
                                                                          • Part of subcall function 009198F0: ?setImage@ImageButton@@QAEXABVQString@@@Z.UICONTROL(?), ref: 009199B9
                                                                          • Part of subcall function 009198F0: ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE( QPushButton:hover{ background-color: %1; } QPushButton:pressed{ background-color: %2; } ,00000085), ref: 009199C9
                                                                          • Part of subcall function 009198F0: ?arg@QString@@QBE?AV1@ABV1@0@Z.QT5CORE(?,?,?), ref: 009199E9
                                                                          • Part of subcall function 009198F0: ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(00000000), ref: 009199F6
                                                                          • Part of subcall function 009198F0: ??1QString@@QAE@XZ.QT5CORE ref: 009199FF
                                                                          • Part of subcall function 009198F0: ??1QString@@QAE@XZ.QT5CORE ref: 00919A08
                                                                        • ??1QString@@QAE@XZ.QT5CORE(?,?,?,00976390,0097639C), ref: 0091A7B2
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A7BB
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A7CB
                                                                        • ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE(?), ref: 0091A7D5
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000), ref: 0091A7E5
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(00976384), ref: 0091A7FA
                                                                        • ?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z.QT5CORE(?,Maximize,00000000,000000FF), ref: 0091A80E
                                                                        • ??1QString@@QAE@XZ.QT5CORE(?,?,?,00976390,0097639C), ref: 0091A83E
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A847
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A857
                                                                        • ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE(?), ref: 0091A861
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000), ref: 0091A871
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(00976398), ref: 0091A886
                                                                        • ?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z.QT5CORE(?,Close,00000000,000000FF), ref: 0091A89A
                                                                        • ??1QString@@QAE@XZ.QT5CORE(?,?,?,009763A0,0097636C), ref: 0091A8CA
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A8D3
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A8DC
                                                                        Similarity
                                                                        • API ID: String@@$?set$String@@@Widget@@$?fromArrayAscii_helper@Data@Typed$?append@?application?tr@Application@@Button@@CoreImageMetaObject@@Path@V0@@V1@@$Cursor@@FocusPolicy@Qt@@@Sheet@Size@StyleText@$?arg@AbstractCursorCursor@Cursor@@@FixedImage@Label@@Shape@Size@@Size@@@Tip@ToolV1@0@
                                                                        • String ID: QLabel{ color: #FFFFFF; font-style: normal; font-weight: bold; font-size: 18px; line-height: 27px; } $:$BlueStacks$Close$Maximize$Minimize
                                                                        • API String ID: 2420910500-3390621080
                                                                        • Opcode ID: ccda973e748fce7b15b36430c7fbaa5e78de9f214178966ea9f1fda5507449e7
                                                                        • Instruction ID: b366ddfe9b8adc5182d70a73e6dd06269c58cc132c4342227600d2ba46ea3c89
                                                                        • Opcode Fuzzy Hash: ccda973e748fce7b15b36430c7fbaa5e78de9f214178966ea9f1fda5507449e7
                                                                        • Instruction Fuzzy Hash: 1E613771D0430EAFDB08DF94CC85ADEBBB8EB49319F104159E515B32A0EB716A49CFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24), ref: 00912163
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_SearchResult,00000015), ref: 00912183
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_SearchPromotes,00000017), ref: 0091219D
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_UserProfile,00000014), ref: 009121B4
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MainWindow,00000013), ref: 009121CB
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame,0000000F), ref: 009121E2
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame_Android,00000017), ref: 009121F9
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame_CloudGame,00000019), ref: 00912210
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame_MultiInstance,0000001D), ref: 0091222A
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame_MultiInstanceButton,00000023), ref: 00912241
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_EngineInstall,00000016), ref: 00912258
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_CloudModeReinstallPopup,00000020), ref: 0091226F
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_SideBar,00000010), ref: 00912286
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_LoginWindow,00000014), ref: 0091229D
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_BSXUpdate,00000012), ref: 009122B4
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_CSPop,0000000E), ref: 009122CB
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Similarity
                                                                        • API ID: Data@String@@$?fromArrayAscii_helper@Typed$Base@@$Data$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Launcher_BSXUpdate$Launcher_CSPop$Launcher_CloudModeReinstallPopup$Launcher_EngineInstall$Launcher_LoginWindow$Launcher_MainWindow$Launcher_MyGame$Launcher_MyGame_Android$Launcher_MyGame_CloudGame$Launcher_MyGame_MultiInstance$Launcher_MyGame_MultiInstanceButton$Launcher_SearchPromotes$Launcher_SearchResult$Launcher_SideBar$Launcher_UserProfile
                                                                        • API String ID: 1507181118-1253826229
                                                                        • Opcode ID: 78f4ba541f56e43ad251aa6d04149d13452f894f101b830e5b652cca47a7deb3
                                                                        • Instruction ID: 35435d9e56a3d53f33b67cbbe43631559eaac971801c486aeab9e7e31a76f846
                                                                        • Opcode Fuzzy Hash: 78f4ba541f56e43ad251aa6d04149d13452f894f101b830e5b652cca47a7deb3
                                                                        • Instruction Fuzzy Hash: 97512DB0D4539CEEEB10DFA5CD05BADBEB4AB44708F10415AE9547B2C2DBF50A089F91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24), ref: 009155A3
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_SearchResult,00000015), ref: 009155C3
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_SearchPromotes,00000017), ref: 009155DD
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_UserProfile,00000014), ref: 009155F4
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MainWindow,00000013), ref: 0091560B
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame,0000000F), ref: 00915622
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame_Android,00000017), ref: 00915639
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame_CloudGame,00000019), ref: 00915650
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame_MultiInstance,0000001D), ref: 0091566A
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame_MultiInstanceButton,00000023), ref: 00915681
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_EngineInstall,00000016), ref: 00915698
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_CloudModeReinstallPopup,00000020), ref: 009156AF
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_SideBar,00000010), ref: 009156C6
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_LoginWindow,00000014), ref: 009156DD
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_BSXUpdate,00000012), ref: 009156F4
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_CSPop,0000000E), ref: 0091570B
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Data@String@@$?fromArrayAscii_helper@Typed$Base@@$Data$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Launcher_BSXUpdate$Launcher_CSPop$Launcher_CloudModeReinstallPopup$Launcher_EngineInstall$Launcher_LoginWindow$Launcher_MainWindow$Launcher_MyGame$Launcher_MyGame_Android$Launcher_MyGame_CloudGame$Launcher_MyGame_MultiInstance$Launcher_MyGame_MultiInstanceButton$Launcher_SearchPromotes$Launcher_SearchResult$Launcher_SideBar$Launcher_UserProfile
                                                                        • API String ID: 1507181118-1253826229
                                                                        • Opcode ID: de240c954ce5792e5759554bb9502282634daa47cb6c595e1c9abe82d80e39f6
                                                                        • Instruction ID: f12d668730b8364888b8a8917e0952417892f94d9fa7ea1ea2c963b33caa6820
                                                                        • Opcode Fuzzy Hash: de240c954ce5792e5759554bb9502282634daa47cb6c595e1c9abe82d80e39f6
                                                                        • Instruction Fuzzy Hash: 86512DB0D4539CEEEB10DFA5CD05BADBEB4AB44708F10415AE9547B2C2DBF50A089F91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24), ref: 00913F13
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_SearchResult,00000015), ref: 00913F33
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_SearchPromotes,00000017), ref: 00913F4D
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_UserProfile,00000014), ref: 00913F64
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MainWindow,00000013), ref: 00913F7B
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame,0000000F), ref: 00913F92
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame_Android,00000017), ref: 00913FA9
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame_CloudGame,00000019), ref: 00913FC0
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame_MultiInstance,0000001D), ref: 00913FDA
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_MyGame_MultiInstanceButton,00000023), ref: 00913FF1
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_EngineInstall,00000016), ref: 00914008
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_CloudModeReinstallPopup,00000020), ref: 0091401F
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_SideBar,00000010), ref: 00914036
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_LoginWindow,00000014), ref: 0091404D
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_BSXUpdate,00000012), ref: 00914064
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_CSPop,0000000E), ref: 0091407B
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Data@String@@$?fromArrayAscii_helper@Typed$Base@@$Data$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Launcher_BSXUpdate$Launcher_CSPop$Launcher_CloudModeReinstallPopup$Launcher_EngineInstall$Launcher_LoginWindow$Launcher_MainWindow$Launcher_MyGame$Launcher_MyGame_Android$Launcher_MyGame_CloudGame$Launcher_MyGame_MultiInstance$Launcher_MyGame_MultiInstanceButton$Launcher_SearchPromotes$Launcher_SearchResult$Launcher_SideBar$Launcher_UserProfile
                                                                        • API String ID: 1507181118-1253826229
                                                                        • Opcode ID: d620c8a3ca50900acfa7c33c859c7305dc19d5788cc06e68b000ecee40ca9178
                                                                        • Instruction ID: 017b89bb41ea767308e726bc5a367dc97f897a1009a26a263dfcaa74bd90d1f6
                                                                        • Opcode Fuzzy Hash: d620c8a3ca50900acfa7c33c859c7305dc19d5788cc06e68b000ecee40ca9178
                                                                        • Instruction Fuzzy Hash: 31512DB0D4539CEEEB10DFA5CD06BADBEB4AB44708F10415AE9547B2C2DBF50A089F91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??0QByteArray@@QAE@XZ.QT5CORE(EB0B5FE6,?,6766B430,?), ref: 0091B894
                                                                        • ??0QFileInfo@@QAE@ABVQString@@@Z.QT5CORE(?,?,6766B430,?), ref: 0091B8A8
                                                                        • ?isFile@QFileInfo@@QBE_NXZ.QT5CORE(?,6766B430,?), ref: 0091B8BB
                                                                        • ?exists@QFile@@SA_NABVQString@@@Z.QT5CORE(?,?,6766B430,?), ref: 0091B8C6
                                                                        • ??1QFileInfo@@QAE@XZ.QT5CORE(?,6766B430,?), ref: 0091B8E3
                                                                        • ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(?,?,6766B430,?), ref: 0091B8F1
                                                                        • ?stop@QTimer@@QAEXXZ.QT5CORE(?,6766B430,?), ref: 0091B8FA
                                                                        • ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE(?,?,6766B430,?), ref: 0091B906
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000,?), ref: 0091B917
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(009763A4), ref: 0091B92C
                                                                        • ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(?), ref: 0091B939
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091B942
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091B94F
                                                                        • ?start@QTimer@@QAEXXZ.QT5CORE ref: 0091B958
                                                                        • ?instance@ImageManager@@SAPAV1@XZ.BLAUNCHER(009581CD), ref: 0091B962
                                                                        • ?getPixmapByPath@ImageManager@@QAEAAVQPixmap@@ABVQString@@@Z.BLAUNCHER(?,6766B430,?), ref: 0091B96A
                                                                        • ??0QPixmap@@QAE@ABV0@@Z.QT5GUI(00000000), ref: 0091B974
                                                                        • ?isNull@QPixmap@@QBE_NXZ.QT5GUI(?,6766B430,?), ref: 0091B981
                                                                        • ?devicePixelRatioF@QPaintDevice@@QBENXZ.QT5GUI(?,6766B430,?), ref: 0091B998
                                                                        • ?size@QWidget@@QBE?AVQSize@@XZ.QT5WIDGETS(?), ref: 0091B9A8
                                                                        • ??0QSize@@QAE@HH@Z.QT5CORE(00000000), ref: 0091BA48
                                                                        • ?scaled@QPixmap@@QBE?AV1@ABVQSize@@W4AspectRatioMode@Qt@@W4TransformationMode@4@@Z.QT5GUI(00000001,?,00000001,00000001), ref: 0091BA5D
                                                                        • ??4QPixmap@@QAEAAV0@$$QAV0@@Z.QT5GUI(00000000), ref: 0091BA67
                                                                        • ??1QPixmap@@UAE@XZ.QT5GUI ref: 0091BA70
                                                                        • ?instance@BLauncher@@SAPAV1@XZ.BLAUNCHER(?,?,00000004), ref: 0091BA7C
                                                                        • ?pixmapToRound@BLauncher@@QAE?AVQPixmap@@ABV2@H@Z.BLAUNCHER ref: 0091BA84
                                                                        • ??4QPixmap@@QAEAAV0@$$QAV0@@Z.QT5GUI(00000000), ref: 0091BA8E
                                                                        • ??1QPixmap@@UAE@XZ.QT5GUI ref: 0091BA97
                                                                        • ?setScaledContents@QLabel@@QAEX_N@Z.QT5WIDGETS(00000001), ref: 0091BA9E
                                                                        • ?setPixmap@QLabel@@QAEXABVQPixmap@@@Z.QT5WIDGETS(?), ref: 0091BAAB
                                                                        • ??0QIcon@@QAE@ABVQPixmap@@@Z.QT5GUI(?), ref: 0091BAB8
                                                                        • ?setWindowIcon@QApplication@@SAXABVQIcon@@@Z.QT5WIDGETS(?), ref: 0091BAC6
                                                                        • ?setWindowIcon@QWidget@@QAEXABVQIcon@@@Z.QT5WIDGETS(?), ref: 0091BAD5
                                                                        • ??1QIcon@@QAE@XZ.QT5GUI ref: 0091BADE
                                                                        • ??1QPixmap@@UAE@XZ.QT5GUI ref: 0091BAE7
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091BAEC
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Pixmap@@$String@@$V0@@$?set$FileInfo@@Size@@String@@@$?instance@Application@@Icon@Icon@@Icon@@@ImageLabel@@Launcher@@Manager@@Path@Pixmap@@@RatioTimer@@V0@$$Widget@@Window$?append@?application?device?exists@?get?pixmap?scaled@?size@?start@?stop@Array@@AspectByteContents@CoreDevice@@File@File@@Mode@Mode@4@@Null@PaintPixelPixmapPixmap@Qt@@Round@ScaledTransformationV1@@
                                                                        • String ID:
                                                                        • API String ID: 3548132827-0
                                                                        • Opcode ID: c63e4a08a0e053cc82554ed29fd91e701bfcb81070c20a064fad829a21911c72
                                                                        • Instruction ID: db905fdc0cebe4ffcbbd38d284e67ea4a36a4f8b3b53df58be89695be583cd99
                                                                        • Opcode Fuzzy Hash: c63e4a08a0e053cc82554ed29fd91e701bfcb81070c20a064fad829a21911c72
                                                                        • Instruction Fuzzy Hash: 9381A271918309DFDB0ADFB1EC59AEEB7B8AF15346F008259E413A31A1EB326645DB10
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                          • Part of subcall function 0091ABE0: ?objectName@QObject@@QBE?AVQString@@XZ.QT5CORE(?,EB0B5FE6,?,?,?,00919AE3,?,EB0B5FE6), ref: 0091AC14
                                                                          • Part of subcall function 0091ABE0: ??1QString@@QAE@XZ.QT5CORE(?,?,?,00919AE3,?,EB0B5FE6), ref: 0091AC22
                                                                          • Part of subcall function 0091ABE0: ?fromUtf8@QString@@SA?AV1@PBDH@Z.QT5CORE(?,CloudGameClass,000000FF,?,?,?,00919AE3,?,EB0B5FE6), ref: 0091AC3D
                                                                          • Part of subcall function 0091ABE0: ?setObjectName@QObject@@QAEXABVQString@@@Z.QT5CORE(00000000,?,?,?,00919AE3,?,EB0B5FE6), ref: 0091AC50
                                                                          • Part of subcall function 0091ABE0: ??1QString@@QAE@XZ.QT5CORE(?,?,?,00919AE3,?,EB0B5FE6), ref: 0091AC5C
                                                                          • Part of subcall function 0091ABE0: ?resize@QWidget@@QAEXHH@Z.QT5WIDGETS(0000041C,0000027B,?,?,?,00919AE3,?,EB0B5FE6), ref: 0091AC6E
                                                                          • Part of subcall function 0091ABE0: ?fromUtf8@QString@@SA?AV1@PBDH@Z.QT5CORE(?,0095EC24,000000FF,?,?,?,00919AE3,?,EB0B5FE6), ref: 0091AC7F
                                                                          • Part of subcall function 0091ABE0: ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(00000000,?,?,?,00919AE3,?,EB0B5FE6), ref: 0091AC92
                                                                          • Part of subcall function 0091ABE0: ??1QString@@QAE@XZ.QT5CORE(?,?,?,00919AE3,?,EB0B5FE6), ref: 0091ACA2
                                                                          • Part of subcall function 0091ABE0: ??0QGridLayout@@QAE@PAVQWidget@@@Z.QT5WIDGETS(?,?,?,?,?,00919AE3,?,EB0B5FE6), ref: 0091ACC1
                                                                          • Part of subcall function 0091ABE0: ?setSpacing@QGridLayout@@QAEXH@Z.QT5WIDGETS(00000000,?,?,?,?,00919AE3,?,EB0B5FE6), ref: 0091ACE4
                                                                          • Part of subcall function 0091ABE0: ?setContentsMargins@QLayout@@QAEXHHHH@Z.QT5WIDGETS(0000000B,0000000B,0000000B,0000000B,?,?,?,?,00919AE3,?,EB0B5FE6), ref: 0091ACFD
                                                                          • Part of subcall function 0091ABE0: ?fromUtf8@QString@@SA?AV1@PBDH@Z.QT5CORE(?,gridLayout,000000FF,?,?,?,?,00919AE3,?,EB0B5FE6), ref: 0091AD0A
                                                                          • Part of subcall function 0091ABE0: ?setObjectName@QObject@@QAEXABVQString@@@Z.QT5CORE(00000000,?,?,?,?,?,?,?,00919AE3,?,EB0B5FE6), ref: 0091AD1D
                                                                          • Part of subcall function 0091ABE0: ??1QString@@QAE@XZ.QT5CORE(?,?,?,?,?,?,?,00919AE3,?,EB0B5FE6), ref: 0091AD29
                                                                        • ?instance@FileWatcher@@SAPAV1@XZ.BLAUNCHER(?,EB0B5FE6), ref: 00919AF9
                                                                          • Part of subcall function 00955C76: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C8B
                                                                        • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(?,00000000,?,?,0091AB60,00000000,00000000,00000000,00000010,?,EB0B5FE6), ref: 00919B3D
                                                                        • ??1Connection@QMetaObject@@QAE@XZ.QT5CORE ref: 00919B49
                                                                        • ?setWindowFlags@QWidget@@QAEXV?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(009606C0), ref: 00919B5D
                                                                        • ?setFocusPolicy@QWidget@@QAEXW4FocusPolicy@Qt@@@Z.QT5WIDGETS(0000000B), ref: 00919B67
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(QDialog{background-color: #1B1E2C;},00000023), ref: 00919B7A
                                                                        • ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00919B95
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00919BA1
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(background-color: transparent;,0000001E), ref: 00919BAE
                                                                        • ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00919BC4
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00919BD0
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(background-color: #252A3E;,0000001A), ref: 00919BDD
                                                                        • ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00919BF3
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00919BFF
                                                                          • Part of subcall function 0091A690: ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(BlueStacks,0000000A,EB0B5FE6,6820C3A0,6766F990), ref: 0091A6D1
                                                                          • Part of subcall function 0091A690: ?setText@QLabel@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 0091A6E7
                                                                          • Part of subcall function 0091A690: ??1QString@@QAE@XZ.QT5CORE ref: 0091A6F7
                                                                          • Part of subcall function 0091A690: ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE( QLabel{ color: #FFFFFF; font-style: normal; font-weight: bold; font-size: 18px; line-height: 27px; } ,000000B6), ref: 0091A707
                                                                          • Part of subcall function 0091A690: ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 0091A71D
                                                                          • Part of subcall function 0091A690: ??1QString@@QAE@XZ.QT5CORE ref: 0091A72D
                                                                          • Part of subcall function 0091A690: ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE(?), ref: 0091A73D
                                                                          • Part of subcall function 0091A690: ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000), ref: 0091A74D
                                                                          • Part of subcall function 0091A690: ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(00976378), ref: 0091A768
                                                                          • Part of subcall function 0091A690: ?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z.QT5CORE(?,Minimize,00000000,000000FF), ref: 0091A782
                                                                          • Part of subcall function 0091A690: ??1QString@@QAE@XZ.QT5CORE(?,?,?,00976390,0097639C), ref: 0091A7B2
                                                                          • Part of subcall function 0091A690: ??1QString@@QAE@XZ.QT5CORE ref: 0091A7BB
                                                                          • Part of subcall function 0091A690: ??1QString@@QAE@XZ.QT5CORE ref: 0091A7CB
                                                                          • Part of subcall function 0091A690: ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE(?), ref: 0091A7D5
                                                                          • Part of subcall function 0091A690: ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000), ref: 0091A7E5
                                                                          • Part of subcall function 0091A690: ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(00976384), ref: 0091A7FA
                                                                          • Part of subcall function 0091A900: ?pos@QCursor@@SA?AVQPoint@@XZ.QT5GUI(?,EB0B5FE6,6820C3A0,6766F990,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF), ref: 0091A931
                                                                          • Part of subcall function 0091A900: ?screenAt@QGuiApplication@@SAPAVQScreen@@ABVQPoint@@@Z.QT5GUI(00000000,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091A938
                                                                          • Part of subcall function 0091A900: ?primaryScreen@QGuiApplication@@SAPAVQScreen@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091A94B
                                                                          • Part of subcall function 0091A900: ?screens@QGuiApplication@@SA?AV?$QList@PAVQScreen@@@@XZ.QT5GUI(00000000,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091A965
                                                                          • Part of subcall function 0091A900: ?size@QListData@@QBEHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091A96C
                                                                          • Part of subcall function 0091A900: ?dispose@QListData@@SAXPAUData@1@@Z.QT5CORE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF), ref: 0091A9A9
                                                                          • Part of subcall function 0091A900: ?screens@QGuiApplication@@SA?AV?$QList@PAVQScreen@@@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF), ref: 0091A9C3
                                                                          • Part of subcall function 0091A900: ?at@QListData@@QBEPAPAXH@Z.QT5CORE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00957F10), ref: 0091A9CC
                                                                          • Part of subcall function 0091A900: ?dispose@QListData@@SAXPAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00957F10), ref: 0091A9FB
                                                                          • Part of subcall function 0091A900: ?availableGeometry@QScreen@@QBE?AVQRect@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AA18
                                                                          • Part of subcall function 0091A900: ?height@QRect@@QBEHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AA21
                                                                          • Part of subcall function 00955C76: _callnewh.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C7E
                                                                          • Part of subcall function 00955C76: _CxxThrowException.VCRUNTIME140(?,0096D38C), ref: 009562DD
                                                                        • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(?,?,0091AB60,?,00000000,00000000,00000000,00000000,0000000C), ref: 00919C57
                                                                        • ??1Connection@QMetaObject@@QAE@XZ.QT5CORE ref: 00919C63
                                                                        • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(?,?,0091AB60,?,00000000,00000000,00000000,00000000,0000000C), ref: 00919CA7
                                                                        • ??1Connection@QMetaObject@@QAE@XZ.QT5CORE ref: 00919CB3
                                                                        • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(?,?,0091AB60,?,00000000,00000000,00000000,00000000,0000000C), ref: 00919CFD
                                                                        • ??1Connection@QMetaObject@@QAE@XZ.QT5CORE ref: 00919D05
                                                                        • ??0QTimer@@QAE@PAVQObject@@@Z.QT5CORE ref: 00919D24
                                                                        • ?setInterval@QTimer@@QAEXH@Z.QT5CORE(000003E8), ref: 00919D41
                                                                        • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(?,?,?,?,00000000,00000000,00000000,00000000,0000000C), ref: 00919D83
                                                                        • ??1Connection@QMetaObject@@QAE@XZ.QT5CORE ref: 00919D8B
                                                                          • Part of subcall function 0091A410: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(?,EB0B5FE6,67781AD0), ref: 0091A45D
                                                                          • Part of subcall function 0091A410: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(00000000), ref: 0091A477
                                                                          • Part of subcall function 0091A410: ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE(?), ref: 0091A48B
                                                                          • Part of subcall function 0091A410: ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000,?,?), ref: 0091A49F
                                                                          • Part of subcall function 0091A410: ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE ref: 0091A4B4
                                                                          • Part of subcall function 0091A410: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(?), ref: 0091A4C1
                                                                          • Part of subcall function 0091A410: ??1QString@@QAE@XZ.QT5CORE ref: 0091A4C6
                                                                          • Part of subcall function 0091A410: ??1QString@@QAE@XZ.QT5CORE ref: 0091A4D6
                                                                          • Part of subcall function 0091A410: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(?), ref: 0091A4E7
                                                                          • Part of subcall function 0091A410: ??8@YA_NABVQString@@0@Z.QT5CORE(0097637C,?), ref: 0091A4F1
                                                                          • Part of subcall function 0091A410: ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24,00000000,?,?,?,?), ref: 0091A513
                                                                          • Part of subcall function 0091A410: ??1QString@@QAE@XZ.QT5CORE(?,?,?,?,?), ref: 0091A53C
                                                                          • Part of subcall function 0091A410: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(00976374,?,?,?,?,?), ref: 0091A549
                                                                          • Part of subcall function 0091A410: ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000,?,?,?,?,?,?), ref: 0091A564
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS(?,009606C0,?,?), ref: 00919DD8
                                                                        • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(?,?,00923B40,?,0091A010,00000000,00000000,00000000,00975264,00000010,?,00000001,00000001,00000001,00000001,00000005), ref: 00919E7C
                                                                        • ??1Connection@QMetaObject@@QAE@XZ.QT5CORE(?,?,?,?,?,?,00000001,00000001,00000005,00000000), ref: 00919E84
                                                                          • Part of subcall function 0091BB10: ??0QObject@@QAE@PAV0@@Z.QT5CORE(00919DC7,EB0B5FE6,?,00000000,00000000,009581FE,000000FF,?,00919DC7,?,?), ref: 0091BB3C
                                                                        Strings
                                                                        • QDialog{background-color: #1B1E2C;}, xrefs: 00919B75
                                                                        • background-color: transparent;, xrefs: 00919BA9
                                                                        • background-color: #252A3E;, xrefs: 00919BD8
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: String@@$Object@@$?setMeta$Connection@$V0@@$?fromWidget@@$ObjectString@@@$Application@@Type@$?connectArrayAscii_helper@Base@ConnectionData@Impl@Private@@Qt@@SlotTypedU3@@$Sheet@Style$Data@@List$?append@?applicationCoreLayout@@Name@Path@Screen@@Utf8@V1@@$?dispose@?height@?screens@Data@1@@Flags@FocusGridList@Policy@Rect@@Screen@@@@Timer@@Window$??8@?at@?available?instance@?object?pos@?primary?resize@?screen?size@?tr@ContentsCursor@@ExceptionFileGeometry@Interval@Label@@Margins@Object@@@Point@@Point@@@Qt@@@Qt@@@@@Screen@Spacing@String@@0@Text@ThrowWatcher@@Widget@@@_callnewhmalloc
                                                                        • String ID: QDialog{background-color: #1B1E2C;}$background-color: #252A3E;$background-color: transparent;
                                                                        • API String ID: 4206031618-899945061
                                                                        • Opcode ID: 832a43a21948d081c126eb9d3a7e3346fd91758b3a3eeef327149c07331e7444
                                                                        • Instruction ID: 522a38d87fe4f28b3a6cfadf480b3bbf3ac1ce9d4a1644722c6bcad547c13fb4
                                                                        • Opcode Fuzzy Hash: 832a43a21948d081c126eb9d3a7e3346fd91758b3a3eeef327149c07331e7444
                                                                        • Instruction Fuzzy Hash: 34C15AB1A00308AFDB04DF95CC95BEE7BB8FF48311F144559EA05AB291E771AA44CFA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ShowWindow.USER32(00000000,00000001), ref: 00917E8B
                                                                        • ?stop@SvgAnimation@@QAEXXZ.UICONTROL(EB0B5FE6), ref: 00917E98
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS(00000000,EB0B5FE6), ref: 00917EDD
                                                                        • ?width@QWidget@@QBEHXZ.QT5WIDGETS(00000001), ref: 00917EE8
                                                                        • ?resize@QWidget@@QAEXHH@Z.QT5WIDGETS(00000001), ref: 00917EF3
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS ref: 00917EFC
                                                                        • ?width@QWidget@@QBEHXZ.QT5WIDGETS(-00000001), ref: 00917F07
                                                                        • ?resize@QWidget@@QAEXHH@Z.QT5WIDGETS(-00000001), ref: 00917F12
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(00000000,?,?), ref: 00917F65
                                                                        • ?indexOf@QString@@QBEHABV1@HW4CaseSensitivity@Qt@@@Z.QT5CORE(00976340,00000000,00000001), ref: 00917F94
                                                                        • ?indexOf@QString@@QBEHABV1@HW4CaseSensitivity@Qt@@@Z.QT5CORE(00976348,00000000,00000001), ref: 00917FA7
                                                                        • ?indexOf@QString@@QBEHABV1@HW4CaseSensitivity@Qt@@@Z.QT5CORE(0097635C,00000000,00000001), ref: 00917FBA
                                                                        • ?instance@BLauncher@@SAPAV1@XZ.BLAUNCHER(?,00000022), ref: 00917FDD
                                                                        • ?getAppConfigValue@BLauncher@@QAE?AVQVariant@@W4AppConfig@1@@Z.BLAUNCHER ref: 00917FE5
                                                                        • ?toString@QVariant@@QBE?AVQString@@XZ.QT5CORE(?), ref: 00917FF5
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091800B
                                                                        • ??1QVariant@@QAE@XZ.QT5CORE ref: 00918018
                                                                        • ?fromUtf8@QString@@SA?AV1@PBDH@Z.QT5CORE(?,-loginPageShow,000000FF), ref: 00918029
                                                                        • ?toUtf8@QString@@QHAE?AVQByteArray@@XZ.QT5CORE(?), ref: 0091803C
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00918049
                                                                        • ?fromPercentEncoding@QUrl@@SA?AVQString@@ABVQByteArray@@@Z.QT5CORE(?,?), ref: 00918057
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00918070
                                                                        • ??1QByteArray@@QAE@XZ.QT5CORE ref: 00918079
                                                                        • ??1QObject@@UAE@XZ.QT5CORE ref: 00918082
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091808B
                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 009180BB
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: String@@$Widget@@$?from?indexByteCaseQt@@@Sensitivity@Variant@@$?height@?resize@?width@Array@@Launcher@@Utf8@$?get?instance@?stop@Animation@@ArrayArray@@@Ascii_helper@ConfigConfig@1@@Data@Encoding@Object@@PercentShowString@TypedUrl@@Value@Window_invalid_parameter_noinfo_noreturn
                                                                        • String ID: -loginPageShow
                                                                        • API String ID: 1083381767-715836868
                                                                        • Opcode ID: d7dec7d52d93e554e31382baab0786f57e8f011666262f442eccbd8d5c804fe1
                                                                        • Instruction ID: 46f5c68141858db6683d5d57d176b02f5cd0f599301d3ae839478ccdc04cabdd
                                                                        • Opcode Fuzzy Hash: d7dec7d52d93e554e31382baab0786f57e8f011666262f442eccbd8d5c804fe1
                                                                        • Instruction Fuzzy Hash: E6B1C030A08209EFDB08DFA4D958BEDBBB4FF09315F148198F416972D1DB71AA49DB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(?,EB0B5FE6,67781AD0), ref: 0091A45D
                                                                        • ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(00000000), ref: 0091A477
                                                                        • ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE(?), ref: 0091A48B
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000,?,?), ref: 0091A49F
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE ref: 0091A4B4
                                                                        • ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(?), ref: 0091A4C1
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A4C6
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A4D6
                                                                        • ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(?), ref: 0091A4DF
                                                                        • ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(?), ref: 0091A4E7
                                                                        • ??8@YA_NABVQString@@0@Z.QT5CORE(0097637C,?), ref: 0091A4F1
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24,00000000,?,?,?,?), ref: 0091A513
                                                                        • ??1QString@@QAE@XZ.QT5CORE(?,?,?,?,?), ref: 0091A53C
                                                                        • ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(00976374,?,?,?,?,?), ref: 0091A549
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000,?,?,?,?,?,?), ref: 0091A564
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(00976368), ref: 0091A579
                                                                        • ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(?), ref: 0091A586
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A58B
                                                                        • ??8@YA_NABVQString@@0@Z.QT5CORE(00976388,?,?,?,?,?), ref: 0091A5A1
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24,00000000,?,?,?,?,?,?), ref: 0091A5C3
                                                                          • Part of subcall function 00919590: ?toLatin1@QString@@QGBE?AVQByteArray@@XZ.QT5CORE(?,EB0B5FE6,?,?,?,00957B47,000000FF), ref: 009195BD
                                                                          • Part of subcall function 00919590: ?data@QByteArray@@QAEPADXZ.QT5CORE(?,?,?,00957B47,000000FF), ref: 009195CC
                                                                          • Part of subcall function 00919590: ?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z.QT5CORE(?,00000000,00000000,000000FF,?,?,?,00957B47,000000FF), ref: 009195E0
                                                                          • Part of subcall function 00919590: ?setText@QLabel@@QAEXABVQString@@@Z.QT5WIDGETS(?,?,?,?,00957B47,000000FF), ref: 009195F1
                                                                          • Part of subcall function 00919590: ??1QString@@QAE@XZ.QT5CORE(?,?,?,00957B47,000000FF), ref: 009195FA
                                                                          • Part of subcall function 00919590: ??1QByteArray@@QAE@XZ.QT5CORE(?,?,?,00957B47,000000FF), ref: 00919603
                                                                        • ??1QString@@QAE@XZ.QT5CORE(?,?,?,?,?,?,?), ref: 0091A5EC
                                                                        • ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(00976374,?,?,?,?,?,?,?), ref: 0091A5F9
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000,?,?,?,?,?,?,?,?), ref: 0091A614
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(00976368), ref: 0091A629
                                                                        • ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(00000004), ref: 0091A636
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A63B
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A64B
                                                                        • ?setText@QLabel@@QAEXABVQString@@@Z.QT5WIDGETS(?,?,?,?,?,?,?), ref: 0091A65D
                                                                        • ?setWindowTitle@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?,?,?,?,?,?,?), ref: 0091A666
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: String@@$V0@@$?append@?setArray@@ByteString@@@V1@@$??8@?fromArrayAscii_helper@Data@Label@@String@@0@Text@Typed$?application?data@?tr@Application@@CoreLatin1@MetaObject@@Path@Title@Widget@@Window
                                                                        • String ID:
                                                                        • API String ID: 1956664549-0
                                                                        • Opcode ID: 792e83989f6dd4d867166e6c33efd7adbc5239967abd85fe8154df3c47542aed
                                                                        • Instruction ID: 12e2b98530d04f0430cc5f2e98610dbb6dcc7d9d350cd08da44d83e209e2c234
                                                                        • Opcode Fuzzy Hash: 792e83989f6dd4d867166e6c33efd7adbc5239967abd85fe8154df3c47542aed
                                                                        • Instruction Fuzzy Hash: F9716C71604209EFCB08DFA5DC88AED7BB8FF44315F008119F91A972A0DB71AB48DB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?frameGeometry@QWidget@@QBE?AVQRect@@XZ.QT5WIDGETS(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C598
                                                                        • ?globalPos@QMouseEvent@@QBE?AVQPoint@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C5A8
                                                                        • ?windowState@QWidget@@QBE?AV?$QFlags@W4WindowState@Qt@@@@XZ.QT5WIDGETS(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C5C8
                                                                        • ?setWindowState@QWidget@@QAEXV?$QFlags@W4WindowState@Qt@@@@@Z.QT5WIDGETS(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C5DA
                                                                        • ?unsetCursor@QWidget@@QAEXXZ.QT5WIDGETS(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C5E3
                                                                        • ?frameGeometry@QWidget@@QBE?AVQRect@@XZ.QT5WIDGETS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C615
                                                                        • ?globalPos@QMouseEvent@@QBE?AVQPoint@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0091C625
                                                                        • ?isFullScreen@QWidget@@QBE_NXZ.QT5WIDGETS(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C637
                                                                        • ?isMaximized@QWidget@@QBE_NXZ.QT5WIDGETS(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C644
                                                                        • ?topLeft@QRect@@QBE?AVQPoint@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C67A
                                                                        • ?globalPos@QMouseEvent@@QBE?AVQPoint@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C688
                                                                        • ?setGeometry@QRubberBand@@QAEXABVQRect@@@Z.QT5WIDGETS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C6BF
                                                                        • ?show@QWidget@@QAEXXZ.QT5WIDGETS(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C6C4
                                                                        • ?setGeometry@QRubberBand@@QAEXABVQRect@@@Z.QT5WIDGETS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C6DB
                                                                        • ?show@QWidget@@QAEXXZ.QT5WIDGETS(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C6E0
                                                                        • ?windowHandle@QWidget@@QBEPAVQWindow@@XZ.QT5WIDGETS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C6F1
                                                                        • ?startSystemResize@QWindow@@QAE_NV?$QFlags@W4Edge@Qt@@@@@Z.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C6F9
                                                                        • ?pos@QHoverEvent@@QBE?AVQPoint@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C71A
                                                                        • ?mapToGlobal@QWidget@@QBE?AVQPoint@@ABV2@@Z.QT5WIDGETS(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0091C728
                                                                        • ?hide@QWidget@@QAEXXZ.QT5WIDGETS(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C757
                                                                        • ?setGeometry@QWidget@@QAEXABVQRect@@@Z.QT5WIDGETS(-00000010,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C76A
                                                                        • ?globalPos@QMouseEvent@@QBE?AVQPoint@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C784
                                                                        • ?move@QRubberBand@@QAEXABVQPoint@@@Z.QT5WIDGETS(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C7AA
                                                                        • ?windowHandle@QWidget@@QBEPAVQWindow@@XZ.QT5WIDGETS(?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C7BB
                                                                        • ?startSystemMove@QWindow@@QAE_NXZ.QT5GUI(?,?,?,?,?,?,?,?,00000000,00000000), ref: 0091C7C3
                                                                        • ?pos@QHoverEvent@@QBE?AVQPoint@@XZ.QT5GUI(?,?,?,?,?,00000000,00000000), ref: 0091C809
                                                                        • ?mapToGlobal@QWidget@@QBE?AVQPoint@@ABV2@@Z.QT5WIDGETS(00000000,00000000,?,?,?,?,00000000,00000000), ref: 0091C817
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Widget@@$Point@@$Event@@$Geometry@$?global?setMousePos@State@Window@@$?windowBand@@Flags@Rect@@Rect@@@RubberWindow$?frame?map?pos@?show@?startGlobal@Handle@HoverQt@@@@@SystemV2@@$?hide@?move@?top?unsetCursor@Edge@FullLeft@Maximized@Move@Point@@@Qt@@@@Resize@Screen@
                                                                        • String ID:
                                                                        • API String ID: 3389692840-0
                                                                        • Opcode ID: 1cd6841cfa639292f1b6cbe2f343297ccdc455caef077faaec7afa62af77533f
                                                                        • Instruction ID: 425cbb9fb69e5b6a72dec6fb38bae120564176691113cfd9e1a0cb2c52fa7215
                                                                        • Opcode Fuzzy Hash: 1cd6841cfa639292f1b6cbe2f343297ccdc455caef077faaec7afa62af77533f
                                                                        • Instruction Fuzzy Hash: 72A1B4B560420AAFDB09CF65D888BA9FBB9FF48305F04456AE406C7691DB31ED94CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?windowState@QWidget@@QBE?AV?$QFlags@W4WindowState@Qt@@@@XZ.QT5WIDGETS(?,EB0B5FE6), ref: 0091B6FA
                                                                        • ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE(?), ref: 0091B709
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000), ref: 0091B71D
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(00976364), ref: 0091B732
                                                                        • ?setImage@ImageButton@@QAEXABVQString@@@Z.UICONTROL(EB0B5FE6), ref: 0091B73F
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091B748
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091B758
                                                                        • ?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z.QT5CORE(EB0B5FE6,Restore,00000000,000000FF), ref: 0091B770
                                                                        • ?setToolTip@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(EB0B5FE6), ref: 0091B784
                                                                        • ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ.QT5CORE(?), ref: 0091B792
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(00000000), ref: 0091B7A6
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(00976384), ref: 0091B7BB
                                                                        • ?setImage@ImageButton@@QAEXABVQString@@@Z.UICONTROL(EB0B5FE6), ref: 0091B7C8
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091B7D1
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091B7E1
                                                                        • ?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z.QT5CORE(00000004,Maximize,00000000,000000FF), ref: 0091B7F9
                                                                        • ?setToolTip@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(00000004), ref: 0091B80D
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091B81D
                                                                        • ?windowState@QWidget@@QBE?AV?$QFlags@W4WindowState@Qt@@@@XZ.QT5WIDGETS(?), ref: 0091B829
                                                                        • ?windowState@QWidget@@QBE?AV?$QFlags@W4WindowState@Qt@@@@XZ.QT5WIDGETS(?), ref: 0091B83C
                                                                        • ?setWindowState@QWidget@@QAEXV?$QFlags@W4WindowState@Qt@@@@@Z.QT5WIDGETS(?), ref: 0091B846
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: String@@$State@$Widget@@$?setWindow$Flags@String@@@$?windowQt@@@@$?append@?application?tr@Application@@Button@@CoreImageImage@MetaObject@@Path@Tip@ToolV0@@V1@@$Qt@@@@@
                                                                        • String ID: Maximize$Restore
                                                                        • API String ID: 2196625904-2732305768
                                                                        • Opcode ID: 16684781293a1a00371c93896c4b5216ceb4fe6919a698d28ae13d9f62486563
                                                                        • Instruction ID: dd43a7979781da9d0b96cdb54e259f6759a9517da7494f348907fab8708de561
                                                                        • Opcode Fuzzy Hash: 16684781293a1a00371c93896c4b5216ceb4fe6919a698d28ae13d9f62486563
                                                                        • Instruction Fuzzy Hash: A24181B191430ADFDB08DFA1DD48BAEBBBCFB04325F000659E526A32E0DB716605DB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??0QRect@@QAE@XZ.QT5CORE ref: 0091CA0E
                                                                        • ?frameGeometry@QWidget@@QBE?AVQRect@@XZ.QT5WIDGETS(00000000), ref: 0091CA28
                                                                        • ?left@QRect@@QBEHXZ.QT5CORE ref: 0091CA38
                                                                        • ?top@QRect@@QBEHXZ.QT5CORE ref: 0091CA41
                                                                        • ?right@QRect@@QBEHXZ.QT5CORE ref: 0091CA4A
                                                                        • ?bottom@QRect@@QBEHXZ.QT5CORE ref: 0091CA53
                                                                        • ?minimumWidth@QWidget@@QBEHXZ.QT5WIDGETS ref: 0091CA6E
                                                                        • ?minimumHeight@QWidget@@QBEHXZ.QT5WIDGETS ref: 0091CA7A
                                                                        • ??0QRect@@QAE@ABVQPoint@@0@Z.QT5CORE(?,?), ref: 0091CAC9
                                                                        • ?isValid@QRect@@QBE_NXZ.QT5CORE ref: 0091CAD2
                                                                        • ?width@QRect@@QBEHXZ.QT5CORE ref: 0091CAE3
                                                                        • ?left@QRect@@QBEHXZ.QT5CORE ref: 0091CAF1
                                                                        • ?left@QRect@@QBEHXZ.QT5CORE ref: 0091CAFE
                                                                        • ?setLeft@QRect@@QAEXH@Z.QT5CORE(00000000), ref: 0091CB08
                                                                        • ?right@QRect@@QBEHXZ.QT5CORE ref: 0091CB10
                                                                        • ?setRight@QRect@@QAEXH@Z.QT5CORE(00000000), ref: 0091CB1A
                                                                        • ?height@QRect@@QBEHXZ.QT5CORE ref: 0091CB23
                                                                        • ?top@QRect@@QBEHXZ.QT5CORE ref: 0091CB31
                                                                        • ?top@QRect@@QBEHXZ.QT5CORE ref: 0091CB3E
                                                                        • ?setTop@QRect@@QAEXH@Z.QT5CORE(00000000), ref: 0091CB48
                                                                        • ?bottom@QRect@@QBEHXZ.QT5CORE ref: 0091CB50
                                                                        • ?setBottom@QRect@@QAEXH@Z.QT5CORE(00000000), ref: 0091CB5A
                                                                        • ?setGeometry@QRubberBand@@QAEXABVQRect@@@Z.QT5WIDGETS(?), ref: 0091CB6F
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Rect@@$?set$?left@?top@Widget@@$?bottom@?minimum?right@Geometry@$?frame?height@?width@Band@@Bottom@Height@Left@Point@@0@Rect@@@Right@RubberTop@Valid@Width@
                                                                        • String ID:
                                                                        • API String ID: 3869587639-0
                                                                        • Opcode ID: 60455dc14ccdbf5f37f1379642a1a1947ee09093deebd8248aaa68cc0d7a8c4f
                                                                        • Instruction ID: 3539c89adf89e93613cd9f7459845cd53f208583fbdb9ddd1336c65d40f78b53
                                                                        • Opcode Fuzzy Hash: 60455dc14ccdbf5f37f1379642a1a1947ee09093deebd8248aaa68cc0d7a8c4f
                                                                        • Instruction Fuzzy Hash: 76512B7096861DDFCB09DFA5E9999EDBBB9FF04302F004059E406A32A0DB32AE45DF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?pos@QCursor@@SA?AVQPoint@@XZ.QT5GUI(?,EB0B5FE6,6820C3A0,6766F990,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF), ref: 0091A931
                                                                        • ?screenAt@QGuiApplication@@SAPAVQScreen@@ABVQPoint@@@Z.QT5GUI(00000000,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091A938
                                                                        • ?primaryScreen@QGuiApplication@@SAPAVQScreen@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091A94B
                                                                        • ?screens@QGuiApplication@@SA?AV?$QList@PAVQScreen@@@@XZ.QT5GUI(00000000,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091A965
                                                                        • ?size@QListData@@QBEHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091A96C
                                                                        • ?dispose@QListData@@SAXPAUData@1@@Z.QT5CORE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF), ref: 0091A9A9
                                                                        • ?screens@QGuiApplication@@SA?AV?$QList@PAVQScreen@@@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF), ref: 0091A9C3
                                                                        • ?at@QListData@@QBEPAPAXH@Z.QT5CORE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00957F10), ref: 0091A9CC
                                                                        • ?dispose@QListData@@SAXPAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00957F10), ref: 0091A9FB
                                                                        • ?availableGeometry@QScreen@@QBE?AVQRect@@XZ.QT5GUI(?,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AA18
                                                                        • ?height@QRect@@QBEHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AA21
                                                                        • ?width@QRect@@QBEHXZ.QT5CORE(00000000,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AA3E
                                                                        • ?resize@QWidget@@QAEXHH@Z.QT5WIDGETS(00000000,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AA5A
                                                                        • ?setMinimumWidth@QWidget@@QAEXH@Z.QT5WIDGETS(000002B8,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AA67
                                                                        • ?setMinimumHeight@QWidget@@QAEXH@Z.QT5WIDGETS(000001BE,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AA74
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS(?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AA7C
                                                                        • ?height@QRect@@QBEHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AA87
                                                                        • ?top@QRect@@QBEHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AA99
                                                                        • ?width@QWidget@@QBEHXZ.QT5WIDGETS(?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AAA3
                                                                        • ?width@QRect@@QBEHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AAAE
                                                                        • ?left@QRect@@QBEHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AAC0
                                                                        • ?move@QWidget@@QAEXABVQPoint@@@Z.QT5WIDGETS(?,?,?,?,?,?,?,?,?,?,?,00000000,00957F10,000000FF,?,00919C13), ref: 0091AADB
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Rect@@$Widget@@$Application@@Data@@List$?height@?width@Screen@@$?dispose@?screens@?setData@1@@List@MinimumPoint@@@Screen@@@@$?at@?available?left@?move@?pos@?primary?resize@?screen?size@?top@Cursor@@Geometry@Height@Point@@Screen@Width@
                                                                        • String ID:
                                                                        • API String ID: 2120784737-0
                                                                        • Opcode ID: 3f8d5114dc6d99e9c6c79cf99d46a6e6f4c3e562835a4cbbf968b96a873b6afa
                                                                        • Instruction ID: c138ec2b45762781a6da3973e430969e2bd96e66dc5ce9f4aa58c5f5d8a6612c
                                                                        • Opcode Fuzzy Hash: 3f8d5114dc6d99e9c6c79cf99d46a6e6f4c3e562835a4cbbf968b96a873b6afa
                                                                        • Instruction Fuzzy Hash: 9A51F071A003198FCB15CFB5DD4859EBBB9FF48321F080629E802E32A0EB359E45DB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetModuleHandleW.KERNEL32(00000000,EB0B5FE6), ref: 00916A30
                                                                          • Part of subcall function 00955C76: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C8B
                                                                        • GetCommandLineW.KERNEL32(?,?,?,00000001), ref: 00916AF0
                                                                        • memset.VCRUNTIME140(?,00000000,00000100,?,?,?,00000001), ref: 00916BC6
                                                                        • memset.VCRUNTIME140(?,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00916CB3
                                                                        • GetEnvironmentVariableA.KERNEL32(LOCALAPPDATA,?,00000104), ref: 00916CCC
                                                                        • ?instance@BLauncher@@SAPAV1@XZ.BLAUNCHER(?,00000027,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00916D1F
                                                                        • ?getAppConfigValue@BLauncher@@QAE?AVQVariant@@W4AppConfig@1@@Z.BLAUNCHER(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00916D27
                                                                        • ?toString@QVariant@@QBE?AVQString@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00916D3A
                                                                        • ?toStdString@QString@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00916D4D
                                                                        • ??1QString@@QAE@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00916ED6
                                                                        • ??1QVariant@@QAE@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00916EE2
                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00916F18
                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000080), ref: 00917116
                                                                        Strings
                                                                        • enable-chrome-runtime, xrefs: 00916C28
                                                                        • Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 BSX/0.12.1.3, xrefs: 00917032
                                                                        • LOCALAPPDATA, xrefs: 00916CC7
                                                                        • y, xrefs: 00917019
                                                                        • c, xrefs: 00916FEF
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: String@@Variant@@$Launcher@@String@_invalid_parameter_noinfo_noreturnmemset$?get?instance@CommandConfigConfig@1@@D@2@@std@@D@std@@EnvironmentHandleLineModuleU?$char_traits@V?$allocator@V?$basic_string@Value@Variablemalloc
                                                                        • String ID: LOCALAPPDATA$Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 BSX/0.12.1.3$c$enable-chrome-runtime$y
                                                                        • API String ID: 3330349586-2520646857
                                                                        • Opcode ID: dd29d2268af72616a3f6fd726523626e501be815acc165ce0a72b33a29ad7091
                                                                        • Instruction ID: 7c8a870326989e608db2710f8499ed3b8fedc5ea338a0d333a90bcf256699698
                                                                        • Opcode Fuzzy Hash: dd29d2268af72616a3f6fd726523626e501be815acc165ce0a72b33a29ad7091
                                                                        • Instruction Fuzzy Hash: 4C228970E042599BEB25DB24CD59BDDBBB4AF45304F0481E8E809A7292DBB15FC8CF91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?toolTip@QWidget@@QBE?AVQString@@XZ.QT5WIDGETS(?,EB0B5FE6,00000000), ref: 00923454
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00923462
                                                                          • Part of subcall function 00955C76: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C8B
                                                                        • ??0QDialog@@QAE@PAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(00000000,00000000), ref: 0092348C
                                                                        • ?setWindowFlags@QWidget@@QAEXV?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(0000080D), ref: 009234B1
                                                                        • ?setWindowModality@QWidget@@QAEXW4WindowModality@Qt@@@Z.QT5WIDGETS(00000001), ref: 009234BB
                                                                        • ?setAttribute@QWidget@@QAEXW4WidgetAttribute@Qt@@_N@Z.QT5WIDGETS(00000078,00000001), ref: 009234C7
                                                                          • Part of subcall function 00955C76: _callnewh.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C7E
                                                                          • Part of subcall function 00955C76: _CxxThrowException.VCRUNTIME140(?,0096D38C), ref: 009562DD
                                                                        • ??0QGridLayout@@QAE@PAVQWidget@@@Z.QT5WIDGETS(00000000), ref: 009234E3
                                                                        • ?setSpacing@QGridLayout@@QAEXH@Z.QT5WIDGETS(00000000), ref: 009234FE
                                                                        • ?setContentsMargins@QLayout@@QAEXHHHH@Z.QT5WIDGETS(00000000,00000000,00000000,00000000), ref: 0092350E
                                                                          • Part of subcall function 00922EC0: ??0QWidget@@QAE@PAV0@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(00000000,00000000,EB0B5FE6,?,00000000,?,?,00000000,00959055,000000FF,?,?,00000000,?,?), ref: 00922EF0
                                                                          • Part of subcall function 00922EC0: ??0QGridLayout@@QAE@PAVQWidget@@@Z.QT5WIDGETS ref: 00922F27
                                                                          • Part of subcall function 00922EC0: ?setSpacing@QGridLayout@@QAEXH@Z.QT5WIDGETS(00000006), ref: 00922F42
                                                                          • Part of subcall function 00922EC0: ?setHorizontalSpacing@QGridLayout@@QAEXH@Z.QT5WIDGETS(00000006), ref: 00922F4C
                                                                          • Part of subcall function 00922EC0: ?setVerticalSpacing@QGridLayout@@QAEXH@Z.QT5WIDGETS(00000000), ref: 00922F56
                                                                          • Part of subcall function 00922EC0: ?setContentsMargins@QLayout@@QAEXHHHH@Z.QT5WIDGETS(00000006,00000006,00000006,00000006), ref: 00922F66
                                                                          • Part of subcall function 00922EC0: ??0QLabel@@QAE@PAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(?,00000000), ref: 00922F84
                                                                          • Part of subcall function 00922EC0: ?setAlignment@QLabel@@QAEXV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS(?,?,00000000), ref: 00922FAA
                                                                          • Part of subcall function 00922EC0: ?addWidget@QGridLayout@@QAEXPAVQWidget@@HHHHV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS(00000000,00000000,00000000,00000001,00000001,00000000,?,?,00000000), ref: 00922FBF
                                                                          • Part of subcall function 00922EC0: ?setWindowFlags@QWidget@@QAEXV?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(0095FF04,?,?,00000000), ref: 00922FD9
                                                                          • Part of subcall function 00922EC0: ?setAttribute@QWidget@@QAEXW4WidgetAttribute@Qt@@_N@Z.QT5WIDGETS(00000078,00000001,?,?,00000000), ref: 00922FE1
                                                                          • Part of subcall function 00922EC0: ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(QWidget{background-color: #B321262A;border: 1px solid #19ECE8F8;}QLabel{font-size: 12px;color: #FFC8C8C8;padding: 3px 6px 3px 6px;},0000008D,?,?,00000000), ref: 00922FF1
                                                                          • Part of subcall function 00922EC0: ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?,?,00000000), ref: 00923007
                                                                        • ?addWidget@QGridLayout@@QAEXPAVQWidget@@HHHHV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS(00000000,00000000,00000000,00000001,00000001,00000000,00000000), ref: 00923541
                                                                        • ?toolTip@QWidget@@QBE?AVQString@@XZ.QT5WIDGETS(?), ref: 00923558
                                                                        • ?setText@QLabel@@QAEXABVQString@@@Z.QT5WIDGETS(00000000), ref: 0092356F
                                                                        • ?adjustSize@QWidget@@QAEXXZ.QT5WIDGETS ref: 0092357D
                                                                        • ?adjustSize@QWidget@@QAEXXZ.QT5WIDGETS ref: 00923581
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0092358D
                                                                        • ?mapToGlobal@QWidget@@QBE?AVQPoint@@ABV2@@Z.QT5WIDGETS(?,?,EB0B5FE6,00000000), ref: 009235B6
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS ref: 009235C8
                                                                        • ?width@QWidget@@QBEHXZ.QT5WIDGETS ref: 009235D6
                                                                        • ?width@QWidget@@QBEHXZ.QT5WIDGETS ref: 009235E4
                                                                        • ?move@QWidget@@QAEXABVQPoint@@@Z.QT5WIDGETS(?), ref: 00923605
                                                                        • ?show@QWidget@@QAEXXZ.QT5WIDGETS ref: 0092360E
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Widget@@$?set$Flags@Layout@@$Window$GridQt@@@@@$String@@Type@$Attribute@Spacing@$AlignmentFlag@Label@@$?add?adjust?tool?width@ContentsMargins@Modality@Qt@@_Size@String@@@Tip@WidgetWidget@Widget@@@$?from?height@?map?move@?show@Alignment@ArrayAscii_helper@Data@Dialog@@ExceptionGlobal@HorizontalPoint@@Point@@@Qt@@@Sheet@StyleText@ThrowTypedV2@@Vertical_callnewhmalloc
                                                                        • String ID:
                                                                        • API String ID: 2646646556-0
                                                                        • Opcode ID: 88ffb1a65916be89cf02010a54e8d741a16589d06bed53bca1ea65849496bbac
                                                                        • Instruction ID: 45e5b0632f15d7daf975ab9ae9d80cd89ff01232c9b7b0358385a59cd5f429a5
                                                                        • Opcode Fuzzy Hash: 88ffb1a65916be89cf02010a54e8d741a16589d06bed53bca1ea65849496bbac
                                                                        • Instruction Fuzzy Hash: CC61BF71A04304EFDB04CFA5DC89BADBBB5FB48711F144159E906AB3D0DBB56A40CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE ref: 009142BF
                                                                        • ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004), ref: 0091431B
                                                                        • ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000), ref: 00914322
                                                                        • ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE ref: 00914333
                                                                        Strings
                                                                        • bsx_engine_updating_to_hyperv_supporting_version, xrefs: 00914246
                                                                        • bsx_engine_install_disk_insufficient, xrefs: 0091422A
                                                                        • bsx_enable_vt_win10, xrefs: 0091428C
                                                                        • bsx_enable_vt_win11, xrefs: 0091427E
                                                                        • bsx_engine_insert_image_instruction, xrefs: 0091420E
                                                                        • bsx_engine_install_instruction, xrefs: 0091421C
                                                                        • bsx_engine_failed_to_launch_since_recent_Windows_update, xrefs: 00914254
                                                                        • bsx_engine_failed_to_launch, xrefs: 00914238
                                                                        • bsx_engine_force_update_failed, xrefs: 00914200
                                                                        • bsx_disable_windows_notifacation, xrefs: 00914270
                                                                        • bsx_disable_hyperv, xrefs: 009141F2
                                                                        • bsx_enable_vt_win7, xrefs: 009142A8
                                                                        • bsx_why_GRM_needed, xrefs: 00914262
                                                                        • bsx_enable_vt_win8, xrefs: 0091429A
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Base@@$Data$?freeData@$?create?recalcLeftMostNodeNode@Tree@U1@@
                                                                        • String ID: bsx_disable_hyperv$bsx_disable_windows_notifacation$bsx_enable_vt_win10$bsx_enable_vt_win11$bsx_enable_vt_win7$bsx_enable_vt_win8$bsx_engine_failed_to_launch$bsx_engine_failed_to_launch_since_recent_Windows_update$bsx_engine_force_update_failed$bsx_engine_insert_image_instruction$bsx_engine_install_disk_insufficient$bsx_engine_install_instruction$bsx_engine_updating_to_hyperv_supporting_version$bsx_why_GRM_needed
                                                                        • API String ID: 3171394654-3715296701
                                                                        • Opcode ID: 39177fbf8264e24cc3e8f2043a3dac196bd02846248aa00d1781a972bb8db0a5
                                                                        • Instruction ID: d6ebeae636c235305bc627b6245131dbc61afc30e5ce8fa89ae5d2f14d1a1f09
                                                                        • Opcode Fuzzy Hash: 39177fbf8264e24cc3e8f2043a3dac196bd02846248aa00d1781a972bb8db0a5
                                                                        • Instruction Fuzzy Hash: 22516FB0A00309DFDF14CF96D988AADBBF4FF48315F148558D824AB291D7769A8ACF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE ref: 0091250F
                                                                        • ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004), ref: 0091256B
                                                                        • ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000), ref: 00912572
                                                                        • ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE ref: 00912583
                                                                        Strings
                                                                        • bsx_engine_updating_to_hyperv_supporting_version, xrefs: 00912496
                                                                        • bsx_engine_install_disk_insufficient, xrefs: 0091247A
                                                                        • bsx_enable_vt_win10, xrefs: 009124DC
                                                                        • bsx_enable_vt_win11, xrefs: 009124CE
                                                                        • bsx_engine_insert_image_instruction, xrefs: 0091245E
                                                                        • bsx_engine_install_instruction, xrefs: 0091246C
                                                                        • bsx_engine_failed_to_launch_since_recent_Windows_update, xrefs: 009124A4
                                                                        • bsx_engine_failed_to_launch, xrefs: 00912488
                                                                        • bsx_engine_force_update_failed, xrefs: 00912450
                                                                        • bsx_disable_windows_notifacation, xrefs: 009124C0
                                                                        • bsx_disable_hyperv, xrefs: 00912442
                                                                        • bsx_enable_vt_win7, xrefs: 009124F8
                                                                        • bsx_why_GRM_needed, xrefs: 009124B2
                                                                        • bsx_enable_vt_win8, xrefs: 009124EA
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Base@@$Data$?freeData@$?create?recalcLeftMostNodeNode@Tree@U1@@
                                                                        • String ID: bsx_disable_hyperv$bsx_disable_windows_notifacation$bsx_enable_vt_win10$bsx_enable_vt_win11$bsx_enable_vt_win7$bsx_enable_vt_win8$bsx_engine_failed_to_launch$bsx_engine_failed_to_launch_since_recent_Windows_update$bsx_engine_force_update_failed$bsx_engine_insert_image_instruction$bsx_engine_install_disk_insufficient$bsx_engine_install_instruction$bsx_engine_updating_to_hyperv_supporting_version$bsx_why_GRM_needed
                                                                        • API String ID: 3171394654-3715296701
                                                                        • Opcode ID: db0d4ce3e74cd0665ed34aecb36e38a4ed4afd6796da9074cb7dfc165a08a143
                                                                        • Instruction ID: c6bc1a89be9b310f3994e75a95a91e68a6695e88d4c7ef1bb32dda899af7a1f0
                                                                        • Opcode Fuzzy Hash: db0d4ce3e74cd0665ed34aecb36e38a4ed4afd6796da9074cb7dfc165a08a143
                                                                        • Instruction Fuzzy Hash: 10519CB0A10309CFDB14DF96D88869DBBF5BF44305F148558E814AF391D7B69A89CF90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE ref: 0091275F
                                                                        • ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004), ref: 009127BB
                                                                        • ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000), ref: 009127C2
                                                                        • ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE ref: 009127D3
                                                                        Strings
                                                                        • bsx_engine_updating_to_hyperv_supporting_version, xrefs: 009126E6
                                                                        • bsx_engine_install_disk_insufficient, xrefs: 009126CA
                                                                        • bsx_enable_vt_win10, xrefs: 0091272C
                                                                        • bsx_enable_vt_win11, xrefs: 0091271E
                                                                        • bsx_engine_insert_image_instruction, xrefs: 009126AE
                                                                        • bsx_engine_install_instruction, xrefs: 009126BC
                                                                        • bsx_engine_failed_to_launch_since_recent_Windows_update, xrefs: 009126F4
                                                                        • bsx_engine_failed_to_launch, xrefs: 009126D8
                                                                        • bsx_engine_force_update_failed, xrefs: 009126A0
                                                                        • bsx_disable_windows_notifacation, xrefs: 00912710
                                                                        • bsx_disable_hyperv, xrefs: 00912692
                                                                        • bsx_enable_vt_win7, xrefs: 00912748
                                                                        • bsx_why_GRM_needed, xrefs: 00912702
                                                                        • bsx_enable_vt_win8, xrefs: 0091273A
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Base@@$Data$?freeData@$?create?recalcLeftMostNodeNode@Tree@U1@@
                                                                        • String ID: bsx_disable_hyperv$bsx_disable_windows_notifacation$bsx_enable_vt_win10$bsx_enable_vt_win11$bsx_enable_vt_win7$bsx_enable_vt_win8$bsx_engine_failed_to_launch$bsx_engine_failed_to_launch_since_recent_Windows_update$bsx_engine_force_update_failed$bsx_engine_insert_image_instruction$bsx_engine_install_disk_insufficient$bsx_engine_install_instruction$bsx_engine_updating_to_hyperv_supporting_version$bsx_why_GRM_needed
                                                                        • API String ID: 3171394654-3715296701
                                                                        • Opcode ID: dc981413c46a921309af495c7986e849d9c49288a1891830ce589a5f7bd30347
                                                                        • Instruction ID: 326d44455e155de5c2e62da5c17cdd1cf5d8c25d904c5e66c862bb7d2f5431dc
                                                                        • Opcode Fuzzy Hash: dc981413c46a921309af495c7986e849d9c49288a1891830ce589a5f7bd30347
                                                                        • Instruction Fuzzy Hash: 73517EB0A00309CFDB14DFA6D88879EBBF4BF44315F24855CD814AB291D776AA99CF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE ref: 00912A6F
                                                                        • ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004), ref: 00912ACB
                                                                        • ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000), ref: 00912AD2
                                                                        • ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE ref: 00912AE3
                                                                        Strings
                                                                        • bsx_engine_updating_to_hyperv_supporting_version, xrefs: 009129F6
                                                                        • bsx_engine_install_disk_insufficient, xrefs: 009129DA
                                                                        • bsx_enable_vt_win10, xrefs: 00912A3C
                                                                        • bsx_enable_vt_win11, xrefs: 00912A2E
                                                                        • bsx_engine_insert_image_instruction, xrefs: 009129BE
                                                                        • bsx_engine_install_instruction, xrefs: 009129CC
                                                                        • bsx_engine_failed_to_launch_since_recent_Windows_update, xrefs: 00912A04
                                                                        • bsx_engine_failed_to_launch, xrefs: 009129E8
                                                                        • bsx_engine_force_update_failed, xrefs: 009129B0
                                                                        • bsx_disable_windows_notifacation, xrefs: 00912A20
                                                                        • bsx_disable_hyperv, xrefs: 009129A2
                                                                        • bsx_enable_vt_win7, xrefs: 00912A58
                                                                        • bsx_why_GRM_needed, xrefs: 00912A12
                                                                        • bsx_enable_vt_win8, xrefs: 00912A4A
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Base@@$Data$?freeData@$?create?recalcLeftMostNodeNode@Tree@U1@@
                                                                        • String ID: bsx_disable_hyperv$bsx_disable_windows_notifacation$bsx_enable_vt_win10$bsx_enable_vt_win11$bsx_enable_vt_win7$bsx_enable_vt_win8$bsx_engine_failed_to_launch$bsx_engine_failed_to_launch_since_recent_Windows_update$bsx_engine_force_update_failed$bsx_engine_insert_image_instruction$bsx_engine_install_disk_insufficient$bsx_engine_install_instruction$bsx_engine_updating_to_hyperv_supporting_version$bsx_why_GRM_needed
                                                                        • API String ID: 3171394654-3715296701
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE ref: 00914FEF
                                                                        • ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004), ref: 0091504B
                                                                        • ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000), ref: 00915052
                                                                        • ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE ref: 00915063
                                                                        Strings
                                                                        • bsx_engine_updating_to_hyperv_supporting_version, xrefs: 00914F76
                                                                        • bsx_engine_install_disk_insufficient, xrefs: 00914F5A
                                                                        • bsx_enable_vt_win10, xrefs: 00914FBC
                                                                        • bsx_enable_vt_win11, xrefs: 00914FAE
                                                                        • bsx_engine_insert_image_instruction, xrefs: 00914F3E
                                                                        • bsx_engine_install_instruction, xrefs: 00914F4C
                                                                        • bsx_engine_failed_to_launch_since_recent_Windows_update, xrefs: 00914F84
                                                                        • bsx_engine_failed_to_launch, xrefs: 00914F68
                                                                        • bsx_engine_force_update_failed, xrefs: 00914F30
                                                                        • bsx_disable_windows_notifacation, xrefs: 00914FA0
                                                                        • bsx_disable_hyperv, xrefs: 00914F22
                                                                        • bsx_enable_vt_win7, xrefs: 00914FD8
                                                                        • bsx_why_GRM_needed, xrefs: 00914F92
                                                                        • bsx_enable_vt_win8, xrefs: 00914FCA
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Base@@$Data$?freeData@$?create?recalcLeftMostNodeNode@Tree@U1@@
                                                                        • String ID: bsx_disable_hyperv$bsx_disable_windows_notifacation$bsx_enable_vt_win10$bsx_enable_vt_win11$bsx_enable_vt_win7$bsx_enable_vt_win8$bsx_engine_failed_to_launch$bsx_engine_failed_to_launch_since_recent_Windows_update$bsx_engine_force_update_failed$bsx_engine_insert_image_instruction$bsx_engine_install_disk_insufficient$bsx_engine_install_instruction$bsx_engine_updating_to_hyperv_supporting_version$bsx_why_GRM_needed
                                                                        • API String ID: 3171394654-3715296701
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE ref: 0091395F
                                                                        • ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004), ref: 009139BB
                                                                        • ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000), ref: 009139C2
                                                                        • ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE ref: 009139D3
                                                                        Strings
                                                                        • bsx_engine_updating_to_hyperv_supporting_version, xrefs: 009138E6
                                                                        • bsx_engine_install_disk_insufficient, xrefs: 009138CA
                                                                        • bsx_enable_vt_win10, xrefs: 0091392C
                                                                        • bsx_enable_vt_win11, xrefs: 0091391E
                                                                        • bsx_engine_insert_image_instruction, xrefs: 009138AE
                                                                        • bsx_engine_install_instruction, xrefs: 009138BC
                                                                        • bsx_engine_failed_to_launch_since_recent_Windows_update, xrefs: 009138F4
                                                                        • bsx_engine_failed_to_launch, xrefs: 009138D8
                                                                        • bsx_engine_force_update_failed, xrefs: 009138A0
                                                                        • bsx_disable_windows_notifacation, xrefs: 00913910
                                                                        • bsx_disable_hyperv, xrefs: 00913892
                                                                        • bsx_enable_vt_win7, xrefs: 00913948
                                                                        • bsx_why_GRM_needed, xrefs: 00913902
                                                                        • bsx_enable_vt_win8, xrefs: 0091393A
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Base@@$Data$?freeData@$?create?recalcLeftMostNodeNode@Tree@U1@@
                                                                        • String ID: bsx_disable_hyperv$bsx_disable_windows_notifacation$bsx_enable_vt_win10$bsx_enable_vt_win11$bsx_enable_vt_win7$bsx_enable_vt_win8$bsx_engine_failed_to_launch$bsx_engine_failed_to_launch_since_recent_Windows_update$bsx_engine_force_update_failed$bsx_engine_insert_image_instruction$bsx_engine_install_disk_insufficient$bsx_engine_install_instruction$bsx_engine_updating_to_hyperv_supporting_version$bsx_why_GRM_needed
                                                                        • API String ID: 3171394654-3715296701
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(00000000,00000004,00000008,00000001), ref: 00911BAF
                                                                        • ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004), ref: 00911C0B
                                                                        • ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000), ref: 00911C12
                                                                        • ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE ref: 00911C23
                                                                        Strings
                                                                        • bsx_engine_updating_to_hyperv_supporting_version, xrefs: 00911B36
                                                                        • bsx_engine_install_disk_insufficient, xrefs: 00911B1A
                                                                        • bsx_enable_vt_win10, xrefs: 00911B7C
                                                                        • bsx_enable_vt_win11, xrefs: 00911B6E
                                                                        • bsx_engine_insert_image_instruction, xrefs: 00911AFE
                                                                        • bsx_engine_install_instruction, xrefs: 00911B0C
                                                                        • bsx_engine_failed_to_launch_since_recent_Windows_update, xrefs: 00911B44
                                                                        • bsx_engine_failed_to_launch, xrefs: 00911B28
                                                                        • bsx_engine_force_update_failed, xrefs: 00911AF0
                                                                        • bsx_disable_windows_notifacation, xrefs: 00911B60
                                                                        • bsx_disable_hyperv, xrefs: 00911AE2
                                                                        • bsx_enable_vt_win7, xrefs: 00911B98
                                                                        • bsx_why_GRM_needed, xrefs: 00911B52
                                                                        • bsx_enable_vt_win8, xrefs: 00911B8A
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Base@@$Data$?freeData@$?create?recalcLeftMostNodeNode@Tree@U1@@
                                                                        • String ID: bsx_disable_hyperv$bsx_disable_windows_notifacation$bsx_enable_vt_win10$bsx_enable_vt_win11$bsx_enable_vt_win7$bsx_enable_vt_win8$bsx_engine_failed_to_launch$bsx_engine_failed_to_launch_since_recent_Windows_update$bsx_engine_force_update_failed$bsx_engine_insert_image_instruction$bsx_engine_install_disk_insufficient$bsx_engine_install_instruction$bsx_engine_updating_to_hyperv_supporting_version$bsx_why_GRM_needed
                                                                        • API String ID: 3171394654-3715296701
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24,00000000,EB0B5FE6,6766BF60,00976390,0097639C), ref: 0091991D
                                                                        • ?setText@QAbstractButton@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00919939
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00919949
                                                                        • ?setFixedSize@QWidget@@QAEXHH@Z.QT5WIDGETS(00000028,00000028), ref: 00919955
                                                                        • ??0QCursor@@QAE@W4CursorShape@Qt@@@Z.QT5GUI(0000000D), ref: 00919960
                                                                        • ?setCursor@QWidget@@QAEXABVQCursor@@@Z.QT5WIDGETS(?), ref: 00919973
                                                                        • ??1QCursor@@QAE@XZ.QT5GUI ref: 00919983
                                                                        • ??0QSize@@QAE@HH@Z.QT5CORE(00000010,00000010), ref: 00919990
                                                                        • ?setImageSize@ImageButton@@QAEXABVQSize@@@Z.UICONTROL(00000000), ref: 00919999
                                                                        • ?setFocusPolicy@QWidget@@QAEXW4FocusPolicy@Qt@@@Z.QT5WIDGETS(00000000), ref: 009199A3
                                                                        • ?setToolTip@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 009199AE
                                                                        • ?setImage@ImageButton@@QAEXABVQString@@@Z.UICONTROL(?), ref: 009199B9
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE( QPushButton:hover{ background-color: %1; } QPushButton:pressed{ background-color: %2; } ,00000085), ref: 009199C9
                                                                        • ?arg@QString@@QBE?AV1@ABV1@0@Z.QT5CORE(?,?,?), ref: 009199E9
                                                                        • ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(00000000), ref: 009199F6
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009199FF
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00919A08
                                                                        Strings
                                                                        • QPushButton:hover{ background-color: %1; } QPushButton:pressed{ background-color: %2; } , xrefs: 009199C4
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: ?set$String@@$Widget@@$String@@@$Button@@Image$?fromArrayAscii_helper@Cursor@@Data@FocusPolicy@Qt@@@Size@Typed$?arg@AbstractCursorCursor@Cursor@@@FixedImage@Shape@Sheet@Size@@Size@@@StyleText@Tip@ToolV1@0@
                                                                        • String ID: QPushButton:hover{ background-color: %1; } QPushButton:pressed{ background-color: %2; }
                                                                        • API String ID: 1933261982-2686782991
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,EB0B5FE6), ref: 00918F8A
                                                                        • memmove.VCRUNTIME140(00000000,https://www.bluestacks.com/,0000001B,?,?,?,EB0B5FE6), ref: 00919046
                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000020,?,?,?,EB0B5FE6), ref: 009190E9
                                                                        • ?toLatin1@QString@@QGBE?AVQByteArray@@XZ.QT5CORE(?,EB0B5FE6), ref: 00919120
                                                                        • ?data@QByteArray@@QAEPADXZ.QT5CORE ref: 0091912C
                                                                        • ??1QByteArray@@QAE@XZ.QT5CORE(00000000,00000001), ref: 00919151
                                                                        • ?winId@QWidget@@QBEIXZ.QT5WIDGETS(?,?,?,EB0B5FE6), ref: 00919159
                                                                        • ?width@QWidget@@QBEHXZ.QT5WIDGETS(?,?,EB0B5FE6), ref: 00919164
                                                                        • ?devicePixelRatioF@QPaintDevice@@QBENXZ.QT5GUI(?,?,EB0B5FE6), ref: 0091917A
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS(?,?,EB0B5FE6), ref: 00919192
                                                                        • ?devicePixelRatioF@QPaintDevice@@QBENXZ.QT5GUI(?,?,EB0B5FE6), ref: 009191A8
                                                                        • memset.VCRUNTIME140(?,00000000), ref: 009191F8
                                                                        • memset.VCRUNTIME140(?,00000000,0000003C,?,00000000), ref: 0091921C
                                                                          • Part of subcall function 00955C76: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C8B
                                                                        • ?start@QTimer@@QAEXXZ.QT5CORE ref: 00919359
                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00919421
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Array@@ByteWidget@@_invalid_parameter_noinfo_noreturn$?deviceDevice@@PaintPixelRatiomemset$?data@?height@?start@?width@?winLatin1@String@@Timer@@mallocmemmove
                                                                        • String ID: https://www.bluestacks.com/$url
                                                                        • API String ID: 19998467-2978775078
                                                                        • Opcode ID: f93198ed7186775b24e8a7dfc459db6994465ee70b3553ea39c6b81a23430a40
                                                                        • Instruction ID: 74f81353326fb9ca5ffdd72c5cec1b764a8385abe8d327317c3ac76cc80daa03
                                                                        • Opcode Fuzzy Hash: f93198ed7186775b24e8a7dfc459db6994465ee70b3553ea39c6b81a23430a40
                                                                        • Instruction Fuzzy Hash: 5402C071E0434CDFEB11DFA8C858BDEBBB8AF49304F144159E809A7291DB719AC8CB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??0QWidget@@QAE@PAV0@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(?,00000000,EB0B5FE6), ref: 00917372
                                                                        • ??0QByteArray@@QAE@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,009575AD,000000FF), ref: 009173E1
                                                                        • ?setWindowFlag@QWidget@@QAEXW4WindowType@Qt@@_N@Z.QT5WIDGETS(00000800,00000001), ref: 009173F4
                                                                          • Part of subcall function 00955C76: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C8B
                                                                        • ??0QTimer@@QAE@PAVQObject@@@Z.QT5CORE(?,00000001), ref: 00917472
                                                                        • ?setInterval@QTimer@@QAEXH@Z.QT5CORE(00004E20,?,00000001), ref: 00917497
                                                                        • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(00000001,?,00960044,?,00000000,00000000,00000000,00000000,0000000C,?,00000001), ref: 009174DC
                                                                        • ??1Connection@QMetaObject@@QAE@XZ.QT5CORE ref: 009174EE
                                                                        • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(?,?,00923B70,?,00000000,00000000,00000000,00000000,00975264,0000000C), ref: 00917531
                                                                        • ??1Connection@QMetaObject@@QAE@XZ.QT5CORE ref: 0091753D
                                                                        • ??0QTimer@@QAE@PAVQObject@@@Z.QT5CORE(?), ref: 00917558
                                                                        • ?setInterval@QTimer@@QAEXH@Z.QT5CORE(00002710), ref: 0091757A
                                                                          • Part of subcall function 00955C76: _callnewh.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C7E
                                                                          • Part of subcall function 00955C76: _CxxThrowException.VCRUNTIME140(?,0096D38C), ref: 009562DD
                                                                        • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(00000001,?,?,?,00000000,00000000,00000000,00000000,0000000C), ref: 009175BC
                                                                        • ??1Connection@QMetaObject@@QAE@XZ.QT5CORE ref: 009175CA
                                                                        • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(?,?,00923B70,?,00000000,00000000,00000000,00000000,00975264,0000000C), ref: 0091760A
                                                                        • ??1Connection@QMetaObject@@QAE@XZ.QT5CORE ref: 00917612
                                                                          • Part of subcall function 00918B10: ??0QGridLayout@@QAE@PAVQWidget@@@Z.QT5WIDGETS(?,67781AD0), ref: 00918B5D
                                                                          • Part of subcall function 00918B10: ?setContentsMargins@QLayout@@QAEXHHHH@Z.QT5WIDGETS(00000003,00000000,00000003,00000003), ref: 00918B87
                                                                          • Part of subcall function 00918B10: ??0QWidget@@QAE@PAV0@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(00957A35,00000000), ref: 00918BA6
                                                                          • Part of subcall function 00918B10: ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(background-color: #FFFFFF;,0000001A), ref: 00918BCD
                                                                          • Part of subcall function 00918B10: ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00918BEA
                                                                          • Part of subcall function 00918B10: ??1QString@@QAE@XZ.QT5CORE ref: 00918BFA
                                                                          • Part of subcall function 00918B10: ?addWidget@QLayout@@QAEXPAVQWidget@@@Z.QT5WIDGETS(8DCCCCCC), ref: 00918C05
                                                                          • Part of subcall function 00918B10: ??0QVBoxLayout@@QAE@PAVQWidget@@@Z.QT5WIDGETS(8DCCCCCC), ref: 00918C29
                                                                          • Part of subcall function 00918B10: ?setContentsMargins@QLayout@@QAEXHHHH@Z.QT5WIDGETS(00000000,00000000,00000000,00000000), ref: 00918C4D
                                                                          • Part of subcall function 00918B10: ??0QSpacerItem@@QAE@HHW4Policy@QSizePolicy@@0@Z.QT5WIDGETS(00000028,00000014,00000001,00000007), ref: 00918C6F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Object@@$Connection@Meta$Type@$?set$Layout@@$?connectBase@ConnectionImpl@ObjectPrivate@@Qt@@SlotTimer@@U3@@Widget@@Window$Widget@@@$ContentsFlags@Interval@Margins@Object@@@Qt@@@@@String@@$?add?fromArrayArray@@Ascii_helper@ByteData@ExceptionFlag@GridItem@@Policy@Policy@@0@Qt@@_Sheet@SizeSpacerString@@@StyleThrowTypedWidget@_callnewhmalloc
                                                                        • String ID: D
                                                                        • API String ID: 15475721-2746444292
                                                                        • Opcode ID: ea44741673f3496b716414242da4f0c81d9ffcc4550a68387718008269d7f06a
                                                                        • Instruction ID: 98fa6c50fcf1da7f5713357d2e96d671184d2035b95bd27a2ae507fbd1746e71
                                                                        • Opcode Fuzzy Hash: ea44741673f3496b716414242da4f0c81d9ffcc4550a68387718008269d7f06a
                                                                        • Instruction Fuzzy Hash: AE916DB1A04304EFEB14CF55CC95B9ABFF8EF48704F148099E9099F292D7B5AA44CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??0QWidget@@QAE@PAV0@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(00000000,00000000,EB0B5FE6,?,00000000,?,?,00000000,00959055,000000FF,?,?,00000000,?,?), ref: 00922EF0
                                                                          • Part of subcall function 00955C76: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C8B
                                                                        • ??0QGridLayout@@QAE@PAVQWidget@@@Z.QT5WIDGETS ref: 00922F27
                                                                        • ?setSpacing@QGridLayout@@QAEXH@Z.QT5WIDGETS(00000006), ref: 00922F42
                                                                        • ?setHorizontalSpacing@QGridLayout@@QAEXH@Z.QT5WIDGETS(00000006), ref: 00922F4C
                                                                        • ?setVerticalSpacing@QGridLayout@@QAEXH@Z.QT5WIDGETS(00000000), ref: 00922F56
                                                                        • ?setContentsMargins@QLayout@@QAEXHHHH@Z.QT5WIDGETS(00000006,00000006,00000006,00000006), ref: 00922F66
                                                                          • Part of subcall function 00955C76: _callnewh.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C7E
                                                                          • Part of subcall function 00955C76: _CxxThrowException.VCRUNTIME140(?,0096D38C), ref: 009562DD
                                                                        • ??0QLabel@@QAE@PAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(?,00000000), ref: 00922F84
                                                                        • ?setAlignment@QLabel@@QAEXV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS(?,?,00000000), ref: 00922FAA
                                                                        • ?addWidget@QGridLayout@@QAEXPAVQWidget@@HHHHV?$QFlags@W4AlignmentFlag@Qt@@@@@Z.QT5WIDGETS(00000000,00000000,00000000,00000001,00000001,00000000,?,?,00000000), ref: 00922FBF
                                                                        • ?setWindowFlags@QWidget@@QAEXV?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(0095FF04,?,?,00000000), ref: 00922FD9
                                                                        • ?setAttribute@QWidget@@QAEXW4WidgetAttribute@Qt@@_N@Z.QT5WIDGETS(00000078,00000001,?,?,00000000), ref: 00922FE1
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(QWidget{background-color: #B321262A;border: 1px solid #19ECE8F8;}QLabel{font-size: 12px;color: #FFC8C8C8;padding: 3px 6px 3px 6px;},0000008D,?,?,00000000), ref: 00922FF1
                                                                        • ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?,?,00000000), ref: 00923007
                                                                        • ??1QString@@QAE@XZ.QT5CORE(?,00000000), ref: 00923014
                                                                        • ?setWindowFlags@QWidget@@QAEXV?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(?,?,00000000), ref: 00923025
                                                                        Strings
                                                                        • QWidget{background-color: #B321262A;border: 1px solid #19ECE8F8;}QLabel{font-size: 12px;color: #FFC8C8C8;padding: 3px 6px 3px 6px;}, xrefs: 00922FEC
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: ?set$Flags@$Widget@@$Layout@@Qt@@@@@Window$Grid$Type@$Spacing@$AlignmentAttribute@Flag@Label@@String@@$?add?fromAlignment@ArrayAscii_helper@ContentsData@ExceptionHorizontalMargins@Qt@@_Sheet@String@@@StyleThrowTypedVerticalWidgetWidget@Widget@@@_callnewhmalloc
                                                                        • String ID: QWidget{background-color: #B321262A;border: 1px solid #19ECE8F8;}QLabel{font-size: 12px;color: #FFC8C8C8;padding: 3px 6px 3px 6px;}
                                                                        • API String ID: 3187581712-418215106
                                                                        • Opcode ID: 890124fb5b274f102159292bc84b27890fcffd4a47eed32d490602903d4ee022
                                                                        • Instruction ID: ea2ada5eddb4ee6e51497489619240d9f8a8fb120cc9cfdf4103194a1212c6b2
                                                                        • Opcode Fuzzy Hash: 890124fb5b274f102159292bc84b27890fcffd4a47eed32d490602903d4ee022
                                                                        • Instruction Fuzzy Hash: DB41DEB0614344AFEB188F55DC8AB5EBFE5FB48702F144068F50A9B3D0DBB64A04DBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??8@YA_NABVQString@@0@Z.QT5CORE(0097637C,?,EB0B5FE6), ref: 0091A13B
                                                                        • ??8@YA_NABVQString@@0@Z.QT5CORE(00976388,?), ref: 0091A14E
                                                                        • ?instance@BLauncher@@SAPAV1@XZ.BLAUNCHER(?,00000022), ref: 0091A176
                                                                        • ?getAppConfigValue@BLauncher@@QAE?AVQVariant@@W4AppConfig@1@@Z.BLAUNCHER ref: 0091A17E
                                                                        • ?toString@QVariant@@QBE?AVQString@@XZ.QT5CORE(?), ref: 0091A18E
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A1A4
                                                                        • ??1QVariant@@QAE@XZ.QT5CORE ref: 0091A1B1
                                                                        • ?fromUtf8@QString@@SA?AV1@PBDH@Z.QT5CORE(?,-closeLogin,000000FF), ref: 0091A1C2
                                                                        • ?toUtf8@QString@@QHAE?AVQByteArray@@XZ.QT5CORE(?), ref: 0091A1D5
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A1E2
                                                                        • ?fromPercentEncoding@QUrl@@SA?AVQString@@ABVQByteArray@@@Z.QT5CORE(?,?), ref: 0091A1F0
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A209
                                                                        • ??1QByteArray@@QAE@XZ.QT5CORE ref: 0091A212
                                                                        • ??1QObject@@UAE@XZ.QT5CORE ref: 0091A222
                                                                        • ?close@QWidget@@QAE_NXZ.QT5WIDGETS ref: 0091A22B
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: String@@$ByteVariant@@$??8@?fromArray@@Launcher@@String@@0@Utf8@$?close@?get?instance@Array@@@ConfigConfig@1@@Encoding@Object@@PercentString@Url@@Value@Widget@@
                                                                        • String ID: -closeLogin
                                                                        • API String ID: 2545501700-2274446270
                                                                        • Opcode ID: 63c5916401f30c2329a66429cb9b79ad927e179d70344d45d18925c8c3e9919a
                                                                        • Instruction ID: 59a0333923aba89b2da24a4b5ffff0c93821957c8ec0ec7b067dc9a267bd8263
                                                                        • Opcode Fuzzy Hash: 63c5916401f30c2329a66429cb9b79ad927e179d70344d45d18925c8c3e9919a
                                                                        • Instruction Fuzzy Hash: E1418D31918349EBDF08DFA5ED49BDDBB78FB04316F004158E81AA3291EB365B44DB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?instance@BLauncher@@SAPAV1@XZ.BLAUNCHER(?,00000022,?), ref: 00921A70
                                                                        • ?getAppConfigValue@BLauncher@@QAE?AVQVariant@@W4AppConfig@1@@Z.BLAUNCHER ref: 00921A78
                                                                        • ?toString@QVariant@@QBE?AVQString@@XZ.QT5CORE(?), ref: 00921A88
                                                                        • ??1QVariant@@QAE@XZ.QT5CORE ref: 00921A95
                                                                        • ?fromUtf8@QString@@SA?AV1@PBDH@Z.QT5CORE(?,-showMainwindow,000000FF), ref: 00921AC0
                                                                        • ?toUtf8@QString@@QHAE?AVQByteArray@@XZ.QT5CORE(?), ref: 00921AD3
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00921AE0
                                                                        • ?fromPercentEncoding@QUrl@@SA?AVQString@@ABVQByteArray@@@Z.QT5CORE(?,?), ref: 00921AEE
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00921B0B
                                                                        • ??1QByteArray@@QAE@XZ.QT5CORE ref: 00921B20
                                                                        • ??1QObject@@UAE@XZ.QT5CORE ref: 00921B29
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00921B32
                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00921B62
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: String@@$ByteVariant@@$?fromArray@@Launcher@@Utf8@$?get?instance@Array@@@ConfigConfig@1@@Encoding@Object@@PercentString@Url@@Value@_invalid_parameter_noinfo_noreturn
                                                                        • String ID: -showMainwindow
                                                                        • API String ID: 2365041075-3798903152
                                                                        • Opcode ID: 6ec297cecc099e93620982434b6979d84189a2f42c150ecb79192999f98f70fc
                                                                        • Instruction ID: e4e4961c767db72bc9193a5870b0486e87bb352b3bf41fc73a3c1ee28018aad4
                                                                        • Opcode Fuzzy Hash: 6ec297cecc099e93620982434b6979d84189a2f42c150ecb79192999f98f70fc
                                                                        • Instruction Fuzzy Hash: 5E61C170A04248EFDF08DFA8D958BDDBBB8FF55315F148058E806A7395DB719A08CB21
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z.QT5CORE(?,Minimize,00000000,000000FF,EB0B5FE6), ref: 00919F12
                                                                        • ?setToolTip@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00919F28
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00919F34
                                                                        • ?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z.QT5CORE(?,Maximize,00000000,000000FF), ref: 00919F4C
                                                                        • ?setToolTip@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00919F5C
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00919F68
                                                                        • ?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z.QT5CORE(?,Close,00000000,000000FF), ref: 00919F80
                                                                        • ?setToolTip@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00919F90
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00919F9C
                                                                        • ?changeEvent@QWidget@@MAEXPAVQEvent@@@Z.QT5WIDGETS(?,EB0B5FE6), ref: 00919FBA
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: String@@$Widget@@$?set?tr@MetaObject@@String@@@Tip@Tool$?changeEvent@Event@@@
                                                                        • String ID: Close$Maximize$Minimize
                                                                        • API String ID: 2660921086-3185488169
                                                                        • Opcode ID: eb657681d04593dfdf0bad701eb4698ab12050192462e3f4bc2cc494e82f505f
                                                                        • Instruction ID: ce7b9c231bb45d8f2cbbc7ec2f7ae7510e65a8396e32a1ec05c9b2ce7310e5da
                                                                        • Opcode Fuzzy Hash: eb657681d04593dfdf0bad701eb4698ab12050192462e3f4bc2cc494e82f505f
                                                                        • Instruction Fuzzy Hash: 82317271A0431DABDB54CF94DD84BADB7BCEB84720F204659E525E32D0D7716A44CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _CxxThrowException.VCRUNTIME140(?,00967428), ref: 009171C7
                                                                        • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(string too long,?,00967428), ref: 009171D5
                                                                        • _callnewh.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C7E
                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C8B
                                                                        • _CxxThrowException.VCRUNTIME140(?,0096D38C), ref: 009562DD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionThrow$Xlength_error@std@@_callnewhmalloc
                                                                        • String ID: Unknown exception$string too long
                                                                        • API String ID: 715539135-3796544978
                                                                        • Opcode ID: 97e28ed4ad5a12f45e37d026ee077bf91f3edead6383b233fdef19668c105ad7
                                                                        • Instruction ID: f0fc7f19408ecdb4c5562a4d36649b48688a98f98702c0688945e1ce7ad7c221
                                                                        • Opcode Fuzzy Hash: 97e28ed4ad5a12f45e37d026ee077bf91f3edead6383b233fdef19668c105ad7
                                                                        • Instruction Fuzzy Hash: 2951583170830D6BC728EFE5E85599DB7BCEB80321F604A29FC65C7692DB70D98487A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _Mtx_lock.MSVCP140(?,EB0B5FE6), ref: 0091D108
                                                                        • ??0QPainter@@QAE@PAVQPaintDevice@@@Z.QT5GUI ref: 0091D12E
                                                                        • ?width@QWidget@@QBEHXZ.QT5WIDGETS ref: 0091D13A
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS ref: 0091D144
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS ref: 0091D158
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS ref: 0091D163
                                                                        • ??0QRect@@QAE@HHHH@Z.QT5CORE(00000000,00000000,00000000,00000000), ref: 0091D171
                                                                        • ?rect@QPixmap@@QBE?AVQRect@@XZ.QT5GUI(?), ref: 0091D183
                                                                        • ?drawPixmap@QPainter@@QAEXABVQRect@@ABVQPixmap@@0@Z.QT5GUI(?,?,00000000), ref: 0091D192
                                                                        • ?end@QPainter@@QAE_NXZ.QT5GUI ref: 0091D19B
                                                                        • ??1QPainter@@QAE@XZ.QT5GUI ref: 0091D1A4
                                                                        • _Mtx_unlock.MSVCP140(?), ref: 0091D1B2
                                                                        • ?paintEvent@QLabel@@MAEXPAVQPaintEvent@@@Z.QT5WIDGETS(?), ref: 0091D1BF
                                                                        • ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000), ref: 0091D1DA
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Painter@@Widget@@$?height@Rect@@$Paint$?draw?end@?paint?rect@?width@C_error@std@@Device@@@Event@Event@@@Label@@Mtx_lockMtx_unlockPixmap@Pixmap@@Pixmap@@0@Throw_
                                                                        • String ID:
                                                                        • API String ID: 2086862543-0
                                                                        • Opcode ID: 9c2f8996e13ff8d9738cb0a37299a4d2dcc5983f2163f4dc575e944a01f21323
                                                                        • Instruction ID: c948639c75a3da7e81323316c97f5ab586ca61e9722b0501ade6ee7bd8d4bbf0
                                                                        • Opcode Fuzzy Hash: 9c2f8996e13ff8d9738cb0a37299a4d2dcc5983f2163f4dc575e944a01f21323
                                                                        • Instruction Fuzzy Hash: 6E3187729046099FCB08DFB5DC49AEEFBB9FB44315F14452AF812E3290EB315A04CB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?isFullScreen@QWidget@@QBE_NXZ.QT5WIDGETS(EB0B5FE6,00000000), ref: 0091CD6C
                                                                        • ?isMaximized@QWidget@@QBE_NXZ.QT5WIDGETS ref: 0091CD7D
                                                                        • ?frameGeometry@QWidget@@QBE?AVQRect@@XZ.QT5WIDGETS(?), ref: 0091CD92
                                                                          • Part of subcall function 0091C920: ?left@QRect@@QBEHXZ.QT5CORE(00000000,?,?,?,?,?), ref: 0091C947
                                                                          • Part of subcall function 0091C920: ?top@QRect@@QBEHXZ.QT5CORE(?,?,?,?,?), ref: 0091C952
                                                                          • Part of subcall function 0091C920: ?width@QRect@@QBEHXZ.QT5CORE(?,?,?,?,?), ref: 0091C95D
                                                                          • Part of subcall function 0091C920: ?height@QRect@@QBEHXZ.QT5CORE(?,?,?,?,?), ref: 0091C968
                                                                        • ??0QCursor@@QAE@W4CursorShape@Qt@@@Z.QT5GUI(00000008,?,00000000), ref: 0091CDCD
                                                                        • ??0QCursor@@QAE@W4CursorShape@Qt@@@Z.QT5GUI(00000007,?,00000000), ref: 0091CDF4
                                                                        • ?unsetCursor@QWidget@@QAEXXZ.QT5WIDGETS(?,00000000), ref: 0091CE22
                                                                        • ??0QCursor@@QAE@W4CursorShape@Qt@@@Z.QT5GUI(00000005,?,00000000), ref: 0091CE44
                                                                        • ?setCursor@QWidget@@QAEXABVQCursor@@@Z.QT5WIDGETS(?), ref: 0091CE58
                                                                        • ??1QCursor@@QAE@XZ.QT5GUI ref: 0091CE61
                                                                        • ??0QCursor@@QAE@W4CursorShape@Qt@@@Z.QT5GUI(00000006,?,00000000), ref: 0091CE83
                                                                        • ?setCursor@QWidget@@QAEXABVQCursor@@@Z.QT5WIDGETS(?), ref: 0091CE97
                                                                        • ??1QCursor@@QAE@XZ.QT5GUI ref: 0091CEA0
                                                                        • ?unsetCursor@QWidget@@QAEXXZ.QT5WIDGETS ref: 0091CEC6
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Widget@@$Cursor@@$Rect@@$CursorCursor@Qt@@@Shape@$?set?unsetCursor@@@$?frame?height@?left@?top@?width@FullGeometry@Maximized@Screen@
                                                                        • String ID:
                                                                        • API String ID: 3044919791-0
                                                                        • Opcode ID: 9a382134094753765a7b59edd478ac2d5c36c0acda0b42259c80ecbba7c04082
                                                                        • Instruction ID: 58de52c9f2ff406de0f9e8266022b66722b56bd953168186dad318eed86a30b0
                                                                        • Opcode Fuzzy Hash: 9a382134094753765a7b59edd478ac2d5c36c0acda0b42259c80ecbba7c04082
                                                                        • Instruction Fuzzy Hash: F941CBB574870DDFDB18CF55D804BE9BBA8FB54715F00416AEC0583690EB35AE95CB80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _Mtx_lock.MSVCP140(?,EB0B5FE6,?,?,?), ref: 0091D218
                                                                        • ?currentPixmap@QMovie@@QBE?AVQPixmap@@XZ.QT5GUI(?,?), ref: 0091D236
                                                                        • ?devicePixelRatioF@QPaintDevice@@QBENXZ.QT5GUI ref: 0091D245
                                                                        • ?devicePixelRatioF@QPaintDevice@@QBENXZ.QT5GUI ref: 0091D251
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS(00000001,00000001), ref: 0091D260
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS(00000000), ref: 0091D27A
                                                                        • ?scaled@QPixmap@@QBE?AV1@HHW4AspectRatioMode@Qt@@W4TransformationMode@3@@Z.QT5GUI(?,00000000), ref: 0091D298
                                                                        • ??4QPixmap@@QAEAAV0@$$QAV0@@Z.QT5GUI(00000000), ref: 0091D2A2
                                                                        • ??1QPixmap@@UAE@XZ.QT5GUI ref: 0091D2B1
                                                                        • ??1QPixmap@@UAE@XZ.QT5GUI ref: 0091D2B6
                                                                        • _Mtx_unlock.MSVCP140(?), ref: 0091D2C0
                                                                        • ?repaint@QWidget@@QAEXXZ.QT5WIDGETS ref: 0091D2CB
                                                                        • ?_Throw_C_error@std@@YAXH@Z.MSVCP140(00000000,?), ref: 0091D2E6
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Pixmap@@$RatioWidget@@$?device?height@Device@@PaintPixel$?current?repaint@?scaled@AspectC_error@std@@Mode@Mode@3@@Movie@@Mtx_lockMtx_unlockPixmap@Qt@@Throw_TransformationV0@$$V0@@
                                                                        • String ID:
                                                                        • API String ID: 2883486794-0
                                                                        • Opcode ID: 61990e15eba722f9e8eb2ca9e2d6b41c7fce3199af802cf3163af9fddf54341c
                                                                        • Instruction ID: ea50497f6f7d848cd1b4f84d2da1be36be23fe440ef8f01efa9dd717f82be09e
                                                                        • Opcode Fuzzy Hash: 61990e15eba722f9e8eb2ca9e2d6b41c7fce3199af802cf3163af9fddf54341c
                                                                        • Instruction Fuzzy Hash: 6C3192719147089FCB15DFB1DD58ADEFBB8EF48311F00462AE802A32A1EB316A45CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?realloc@QListData@@QAEXH@Z.QT5CORE(?,EB0B5FE6), ref: 0091BC52
                                                                        • ?nextNode@QHashData@@SAPAUNode@1@PAU21@@Z.QT5CORE(?,?,EB0B5FE6), ref: 0091BC8D
                                                                        • ?size@QListData@@QBEHXZ.QT5CORE(EB0B5FE6), ref: 0091BC9E
                                                                        • ?at@QListData@@QBEPAPAXH@Z.QT5CORE(00000000), ref: 0091BCD4
                                                                        • ?freeNode@QHashData@@QAEXPAX@Z.QT5CORE(?,00000000,00000000), ref: 0091BD1A
                                                                        • ?hasShrunk@QHashData@@QAEXXZ.QT5CORE(?,00000000,00000000), ref: 0091BD2C
                                                                        • ?setAttribute@QWidget@@QAEXW4WidgetAttribute@Qt@@_N@Z.QT5WIDGETS(00000002,00000000,?,00000000,00000000), ref: 0091BD4A
                                                                        • ?setWindowFlags@QWidget@@QAEXV?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(?,?,00000000,00000000), ref: 0091BD52
                                                                        • ?setAttribute@QWidget@@QAEXW4WidgetAttribute@Qt@@_N@Z.QT5WIDGETS(0000004A,00000000,?,00000000,00000000), ref: 0091BD5F
                                                                        • ?free_helper@QHashData@@QAEXP6AXPAUNode@1@@Z@Z.QT5CORE(Function_0000C140), ref: 0091BDD0
                                                                        • ?dispose@QListData@@SAXPAUData@1@@Z.QT5CORE(?), ref: 0091BE08
                                                                        • ??1QObject@@UAE@XZ.QT5CORE ref: 0091BE14
                                                                          • Part of subcall function 0091C1C0: ?begin@QListData@@QBEPAPAXXZ.QT5CORE(EB0B5FE6,?,?,009606C0,?), ref: 0091C1F0
                                                                          • Part of subcall function 0091C1C0: ?detach@QListData@@QAEPAUData@1@H@Z.QT5CORE(?), ref: 0091C1FD
                                                                          • Part of subcall function 0091C1C0: ?end@QListData@@QBEPAPAXXZ.QT5CORE(00000000), ref: 0091C212
                                                                          • Part of subcall function 0091C1C0: ?begin@QListData@@QBEPAPAXXZ.QT5CORE(00000000), ref: 0091C21B
                                                                          • Part of subcall function 0091C1C0: ?dispose@QListData@@SAXPAUData@1@@Z.QT5CORE(00000000,00000000), ref: 0091C24B
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Data@@$List$Attribute@Hash$?setWidget@@$?begin@?dispose@Data@1@@Flags@Node@Qt@@_WidgetWindow$?at@?detach@?end@?free?free_helper@?has?next?realloc@?size@Data@1@Node@1@Node@1@@Object@@Qt@@@@@Shrunk@Type@U21@@
                                                                        • String ID:
                                                                        • API String ID: 2909811101-0
                                                                        • Opcode ID: 67a920469a97eee796fe49e809b3d157390f21cffcf81436ff28d4d90be86d5c
                                                                        • Instruction ID: 4dcc5068c83ed5050dbff168f82a3cb1f9d13def580978872587465fa9f07663
                                                                        • Opcode Fuzzy Hash: 67a920469a97eee796fe49e809b3d157390f21cffcf81436ff28d4d90be86d5c
                                                                        • Instruction Fuzzy Hash: F371C075B0020ADFDB18DF59CC80BAEB7B9FF49311F154559E816AB290DB31AD80CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_Start_Success), ref: 0091517D
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_Crashed,00000010), ref: 00915197
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_Closed,0000000F), ref: 009151AE
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_ModeSwitched,00000015), ref: 009151C5
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_LaunchedMode,00000015), ref: 009151DC
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Data@String@@$?fromArrayAscii_helper@Base@@Typed$Data$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Launcher_Closed$Launcher_Crashed$Launcher_LaunchedMode$Launcher_ModeSwitched$Launcher_Start_Success
                                                                        • API String ID: 3036596844-26572043
                                                                        • Opcode ID: 093ebacd729da3ea704e8bd7eddfcb7d55f5cf9b11e32838d262e0592545feb4
                                                                        • Instruction ID: 3dd833803767c360b4f15031e95072241693b435228dccc2f40c37148dc5e65e
                                                                        • Opcode Fuzzy Hash: 093ebacd729da3ea704e8bd7eddfcb7d55f5cf9b11e32838d262e0592545feb4
                                                                        • Instruction Fuzzy Hash: E8219FB0D4430CEEEB10DFA5CD46BEDBBB4EB48715F00416AE910B72C1D7B516088B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_Start_Success), ref: 00913AED
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_Crashed,00000010), ref: 00913B07
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_Closed,0000000F), ref: 00913B1E
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_ModeSwitched,00000015), ref: 00913B35
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_LaunchedMode,00000015), ref: 00913B4C
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Data@String@@$?fromArrayAscii_helper@Base@@Typed$Data$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Launcher_Closed$Launcher_Crashed$Launcher_LaunchedMode$Launcher_ModeSwitched$Launcher_Start_Success
                                                                        • API String ID: 3036596844-26572043
                                                                        • Opcode ID: 84c5ef169d72f2687040de72b44dd09ca37c6331ef7966b5a998a32ff5b458d0
                                                                        • Instruction ID: 991b4872e7d202e43a014580852d1b7a440f9deaae124569be21dbeeb40d4865
                                                                        • Opcode Fuzzy Hash: 84c5ef169d72f2687040de72b44dd09ca37c6331ef7966b5a998a32ff5b458d0
                                                                        • Instruction Fuzzy Hash: 26217CB0D4430CEAEB00DFA5DC56BEDBBB4EB48715F00416AE910BB2C1D7B516088B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_Start_Success), ref: 00911D3D
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_Crashed,00000010), ref: 00911D57
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_Closed,0000000F), ref: 00911D6E
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_ModeSwitched,00000015), ref: 00911D85
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Launcher_LaunchedMode,00000015), ref: 00911D9C
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: Data@String@@$?fromArrayAscii_helper@Base@@Typed$Data$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Launcher_Closed$Launcher_Crashed$Launcher_LaunchedMode$Launcher_ModeSwitched$Launcher_Start_Success
                                                                        • API String ID: 3036596844-26572043
                                                                        • Opcode ID: 0d71abd30802139901208953da1f8def08dee7edea2a5dfb2c5390da41af3cfa
                                                                        • Instruction ID: 1adbb76a54b16768f86d24b708c1ab6206bb768d5d648c59ab44c2c8b2ec7116
                                                                        • Opcode Fuzzy Hash: 0d71abd30802139901208953da1f8def08dee7edea2a5dfb2c5390da41af3cfa
                                                                        • Instruction Fuzzy Hash: 77219FB0E4470CEEEB00DFA5CC46BEEBBB4EB48715F10456AE910B72C2D7B516088B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                          • Part of subcall function 00922580: memchr.VCRUNTIME140(?,?,?,00000000,?,0091FE4D,?,?,?,0091FE4D,;base64,,00000008,?,?,?), ref: 009225E0
                                                                          • Part of subcall function 00922580: memchr.VCRUNTIME140(00000001,?,0091FE4D,00000000,?,0091FE4D,?,?,?,0091FE4D,;base64,,00000008,?,?,?), ref: 0092265B
                                                                        • ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(EB0B5FE6), ref: 00920FF5
                                                                        • ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140(?,00000000), ref: 00921014
                                                                        • ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140 ref: 0092104E
                                                                        • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z.MSVCP140(?,).</h2></body></html>,?,?,?,?,?,?,?), ref: 009210F5
                                                                        Strings
                                                                        • bluestacks, xrefs: 00920F57
                                                                        • ).</h2></body></html>, xrefs: 009210DF
                                                                        • <html><body bgcolor="white"><h2>Failed to load URL , xrefs: 0092109C
                                                                        • with error , xrefs: 009210BC
                                                                        Similarity
                                                                        • API ID: U?$char_traits@$D@std@@@std@@$memchr$??0?$basic_ios@??0?$basic_iostream@??0?$basic_streambuf@??6?$basic_ostream@D@std@@@1@@V01@V?$basic_streambuf@
                                                                        • String ID: with error $).</h2></body></html>$<html><body bgcolor="white"><h2>Failed to load URL $bluestacks
                                                                        • API String ID: 484535972-2599015028
                                                                        • Opcode ID: 74df4e96e51dfe0f0d34c9e8037ed983d8975157867a6775eb3ff415f5f06529
                                                                        • Instruction ID: 636dcc763867123cebfe554621207f50c58a60f0147a13dcc65cc0ab6964bf08
                                                                        • Opcode Fuzzy Hash: 74df4e96e51dfe0f0d34c9e8037ed983d8975157867a6775eb3ff415f5f06529
                                                                        • Instruction Fuzzy Hash: 6FC1AF70E04248DFDF14DFA8C855BDDBBB4AF59304F1480A9E815A7292DB719A44CF61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?stop@QMovie@@QAEXXZ.QT5GUI(EB0B5FE6,00957A35,68209160,00000000,?,00000000,009584AE), ref: 0091D32E
                                                                        • ?disconnectImpl@QObject@@CA_NPBV1@PAPAX01PBUQMetaObject@@@Z.QT5CORE(?,00000000,F0E9BC4D,?), ref: 0091D357
                                                                        • ??0QByteArray@@QAE@XZ.QT5CORE(00000000,?,00000000,009584AE), ref: 0091D387
                                                                        • ??0QMovie@@QAE@ABVQString@@ABVQByteArray@@PAVQObject@@@Z.QT5GUI(00918E28,00000000,F0E9BC4D,?,00000000,009584AE), ref: 0091D39F
                                                                        • ??1QByteArray@@QAE@XZ.QT5CORE(?,00000000,009584AE), ref: 0091D3B8
                                                                        • ??0QSize@@QAE@HH@Z.QT5CORE(0000004C,0000004C,?,00000000,009584AE), ref: 0091D3C5
                                                                        • ?setScaledSize@QMovie@@QAEXABVQSize@@@Z.QT5GUI(?,?,00000000,009584AE), ref: 0091D3D2
                                                                        • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(00000000,?,00918E28,F0E9BC4D,0091D1E0,00000000,00000000,00000000), ref: 0091D428
                                                                        • ??1Connection@QMetaObject@@QAE@XZ.QT5CORE ref: 0091D434
                                                                        • ?start@QMovie@@QAEXXZ.QT5GUI ref: 0091D43D
                                                                        Similarity
                                                                        • API ID: Movie@@Object@@$Array@@ByteMeta$Connection@Impl@Object@@@$?connect?disconnect?set?start@?stop@Base@ConnectionObjectPrivate@@Qt@@ScaledSize@Size@@Size@@@SlotString@@Type@U3@@
                                                                        • String ID:
                                                                        • API String ID: 2534529003-0
                                                                        • Opcode ID: 6a86fc81424386a95f7c3492c91ffe26865bf4715cf9d7b18bc24bf221c0959d
                                                                        • Instruction ID: 84fa692627162b27509519df9f18f9c6cf8349b2b1de6d06f15886ae2f8d9da2
                                                                        • Opcode Fuzzy Hash: 6a86fc81424386a95f7c3492c91ffe26865bf4715cf9d7b18bc24bf221c0959d
                                                                        • Instruction Fuzzy Hash: D74148B1914309AFDB04CF95DC48BEEBBB8FB48711F004159E915A72A1D775AA84CFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?windowState@QWidget@@QBE?AV?$QFlags@W4WindowState@Qt@@@@XZ.QT5WIDGETS(?,?,?,?,?,00957D2E,000000FF), ref: 0091A057
                                                                        • ?setWindowState@QWidget@@QAEXV?$QFlags@W4WindowState@Qt@@@@@Z.QT5WIDGETS(?,?,?,?,?,00957D2E,000000FF), ref: 0091A065
                                                                        • ?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z.QT5CORE(?,Press ESC to exit fullscreen.,00000000,000000FF,?,?,?,?,00957D2E,000000FF), ref: 0091A07D
                                                                        • ?showTip@Toast@@SAXABVQString@@PAVQWidget@@_NHW4AnchorPoint@1@@Z.UICONTROL(?,?,00000000,000007D0,00000001,?,?,?,?,00957D2E,000000FF), ref: 0091A098
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091A0A4
                                                                        • ?windowState@QWidget@@QBE?AV?$QFlags@W4WindowState@Qt@@@@XZ.QT5WIDGETS(?,?,?,?,?,00957D2E,000000FF), ref: 0091A0C1
                                                                        • ?setWindowState@QWidget@@QAEXV?$QFlags@W4WindowState@Qt@@@@@Z.QT5WIDGETS(?,?,?,?,?,00957D2E,000000FF), ref: 0091A0CF
                                                                        Strings
                                                                        • Press ESC to exit fullscreen., xrefs: 0091A06F
                                                                        Similarity
                                                                        • API ID: State@$Window$Flags@Widget@@$String@@$?set?windowQt@@@@Qt@@@@@$?show?tr@AnchorMetaObject@@Point@1@@Tip@Toast@@Widget@@_
                                                                        • String ID: Press ESC to exit fullscreen.
                                                                        • API String ID: 967298591-930839456
                                                                        • Opcode ID: eade6b41c776d0b39cfa704afb1ce5394c62ffd0dd2f1011aa47e7bcf51995f1
                                                                        • Instruction ID: afde0e213ebb7cd072cf8f7d610aa002dd1ec2f11e18278f1224b225a9333b87
                                                                        • Opcode Fuzzy Hash: eade6b41c776d0b39cfa704afb1ce5394c62ffd0dd2f1011aa47e7bcf51995f1
                                                                        • Instruction Fuzzy Hash: F8219276A58308AFDB14CF64DC48B99B7A8FB09721F00466AF916D73D0EB75A600DB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?text@QLabel@@QBE?AVQString@@XZ.QT5WIDGETS(EB0B5FE6,EB0B5FE6), ref: 0091880A
                                                                        • ?toLatin1@QString@@QHAE?AVQByteArray@@XZ.QT5CORE(?), ref: 0091881D
                                                                        • ?data@QByteArray@@QAEPADXZ.QT5CORE ref: 00918829
                                                                        • ?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z.QT5CORE(00000059,00000000,00000000,000000FF), ref: 0091883D
                                                                        • ?setText@QLabel@@QAEXABVQString@@@Z.QT5WIDGETS(00000059), ref: 0091884E
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00918857
                                                                        • ??1QByteArray@@QAE@XZ.QT5CORE ref: 00918860
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00918870
                                                                        • ?changeEvent@QWidget@@MAEXPAVQEvent@@@Z.QT5WIDGETS(?,EB0B5FE6), ref: 00918879
                                                                        Similarity
                                                                        • API ID: String@@$Array@@Byte$Label@@$?change?data@?set?text@?tr@Event@Event@@@Latin1@MetaObject@@String@@@Text@Widget@@
                                                                        • String ID:
                                                                        • API String ID: 770545593-0
                                                                        • Opcode ID: 29ab16591c03d80793a19a5f1cbbb79039562a77827e10135a318753c6825683
                                                                        • Instruction ID: 3d770c8b6954a96088e0b18eeb40bb311164487b0a537584e4cb4554b8f8610a
                                                                        • Opcode Fuzzy Hash: 29ab16591c03d80793a19a5f1cbbb79039562a77827e10135a318753c6825683
                                                                        • Instruction Fuzzy Hash: EA218475918309EFCB08DF65DD48B9DBBBCFB08315F104259E416936D0DB716A44DB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24), ref: 009152BD
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Android_Game,0000000C), ref: 009152D7
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Cloud_Game,0000000A), ref: 009152EE
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Steam_Game,0000000A), ref: 00915305
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Data@String@@$Base@@$?fromArrayAscii_helper@DataTyped$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Android_Game$Cloud_Game$Steam_Game
                                                                        • API String ID: 568696076-3169377699
                                                                        • Opcode ID: e7db0af717aab784ddd3e4b99fcc6150e447af4026a88a4539c4296e724bdc28
                                                                        • Instruction ID: eef044d61e1bd8a22cb8ed452a40469a9af08a19ea331b8d5fd69c1d33ada115
                                                                        • Opcode Fuzzy Hash: e7db0af717aab784ddd3e4b99fcc6150e447af4026a88a4539c4296e724bdc28
                                                                        • Instruction Fuzzy Hash: 6321B0B1E44308AFEB14DFA5DC42BEEBBB8FB48715F00415AE811772C0D7B516088B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24), ref: 00913C2D
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Android_Game,0000000C), ref: 00913C47
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Cloud_Game,0000000A), ref: 00913C5E
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Steam_Game,0000000A), ref: 00913C75
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Data@String@@$Base@@$?fromArrayAscii_helper@DataTyped$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Android_Game$Cloud_Game$Steam_Game
                                                                        • API String ID: 568696076-3169377699
                                                                        • Opcode ID: cb925b93e4e3bc7b2812c4b87056e0d1c46f5ffaae0386d180e157221acf587e
                                                                        • Instruction ID: 0ae98f8058b4e48c6adaa357cd507fbc67e44ef6e469646f12a6774c61d7175f
                                                                        • Opcode Fuzzy Hash: cb925b93e4e3bc7b2812c4b87056e0d1c46f5ffaae0386d180e157221acf587e
                                                                        • Instruction Fuzzy Hash: B521AFB1E44318AFEB14DFA5DC42BAEBBB8FB48715F00455AE815772C0D7B516088B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24), ref: 00911E7D
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Android_Game,0000000C), ref: 00911E97
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Cloud_Game,0000000A), ref: 00911EAE
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Steam_Game,0000000A), ref: 00911EC5
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Data@String@@$Base@@$?fromArrayAscii_helper@DataTyped$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Android_Game$Cloud_Game$Steam_Game
                                                                        • API String ID: 568696076-3169377699
                                                                        • Opcode ID: 5ef3989fe43b78f4ef00a9d9290327a238ba542bf73702a60dc2ec32a7278cb7
                                                                        • Instruction ID: 5cba5775e0ee2966d337c86fb49f53a38f6215cbb840fb1d892155f331c627d0
                                                                        • Opcode Fuzzy Hash: 5ef3989fe43b78f4ef00a9d9290327a238ba542bf73702a60dc2ec32a7278cb7
                                                                        • Instruction Fuzzy Hash: 9F21AFB1E44308ABEB14DFA5DC42BAEBBB8FB48715F00415AE811772C0D7B516088B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?begin@QListData@@QBEPAPAXXZ.QT5CORE(EB0B5FE6,?,?,009606C0,?,?,009606C0,?), ref: 0091C2C0
                                                                        • ?detach_grow@QListData@@QAEPAUData@1@PAHH@Z.QT5CORE(?,?), ref: 0091C2D1
                                                                        • ?begin@QListData@@QBEPAPAXXZ.QT5CORE(00000000), ref: 0091C2E6
                                                                        • ?begin@QListData@@QBEPAPAXXZ.QT5CORE(?), ref: 0091C2F5
                                                                          • Part of subcall function 0091C8D0: memmove.VCRUNTIME140(?,?,?,?,0091C303,00000000), ref: 0091C8EF
                                                                        • ?end@QListData@@QBEPAPAXXZ.QT5CORE(?,00000000), ref: 0091C313
                                                                        • ?begin@QListData@@QBEPAPAXXZ.QT5CORE(00000000), ref: 0091C31C
                                                                        • ?dispose@QListData@@SAXPAUData@1@@Z.QT5CORE(00000000,00000000), ref: 0091C355
                                                                        • ?begin@QListData@@QBEPAPAXXZ.QT5CORE ref: 0091C360
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Data@@List$?begin@$?detach_grow@?dispose@?end@Data@1@Data@1@@memmove
                                                                        • String ID:
                                                                        • API String ID: 352950504-0
                                                                        • Opcode ID: 0c9616d115f21a6e579abc68c66cc694cc0c83c1e291ea09c754b17ca1673e66
                                                                        • Instruction ID: c52ac04ba8cfa6de84053e420065049ee5de5b821a2e01c1e38134a5b050e8e8
                                                                        • Opcode Fuzzy Hash: 0c9616d115f21a6e579abc68c66cc694cc0c83c1e291ea09c754b17ca1673e66
                                                                        • Instruction Fuzzy Hash: F3316F71604209AFCB18DF59D848AAE7BACFB48765F108219F826C73D0DB359B05DB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _set_app_type.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000002), ref: 00956053
                                                                        • _set_fmode.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000002), ref: 0095605E
                                                                        • __p__commode.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000002), ref: 0095606A
                                                                        • __RTC_Initialize.LIBCMT ref: 00956082
                                                                        • _configure_narrow_argv.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,0095699E), ref: 00956097
                                                                          • Part of subcall function 00956901: InitializeSListHead.KERNEL32(009767D8,009560A7), ref: 00956906
                                                                        • __setusermatherr.API-MS-WIN-CRT-MATH-L1-1-0(Function_00018D50), ref: 009560B5
                                                                        • _configthreadlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(00000000), ref: 009560D0
                                                                        • _initialize_narrow_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 009560DF
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Initialize$HeadList__p__commode__setusermatherr_configthreadlocale_configure_narrow_argv_initialize_narrow_environment_set_app_type_set_fmode
                                                                        • String ID:
                                                                        • API String ID: 1933938900-0
                                                                        • Opcode ID: 8a55adf9424f302791175f881a38e08995bf70b45965b7b9ec02ac4a76378455
                                                                        • Instruction ID: 7e1e51323e271f97519b690906d1d2edad2f4009cc87c98d1f58939eaaf7d879
                                                                        • Opcode Fuzzy Hash: 8a55adf9424f302791175f881a38e08995bf70b45965b7b9ec02ac4a76378455
                                                                        • Instruction Fuzzy Hash: EE013C5164131224DD24FBF7192BB5F12881EE136BBD48815FD44AB0D7ED29984C8376
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetFullPathNameW.KERNEL32(?,00000000,00000000,?,00000000,Function_00012580,?,01471130), ref: 014711BB
                                                                        • GetFullPathNameW.KERNEL32(?,00000000,?,?,?,00000000,00000000,?,00000000,Function_00012580,?,01471130), ref: 014711E5
                                                                        • GetLastError.KERNEL32(?,00000000,?,?,?,00000000,00000000,?,00000000,Function_00012580,?,01471130), ref: 014711F0
                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000,00000000,Function_00012580,?,01471130), ref: 0147127E
                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000,00000000,00000000,00000000,Function_00012580,?,01471130), ref: 014712A0
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentDirectoryFullNamePath$ErrorLast
                                                                        • String ID: :
                                                                        • API String ID: 3199781413-336475711
                                                                        • Opcode ID: 343d2befae760b31a5c9b2880122e8338989998b4c91c328ca9965441524b93e
                                                                        • Instruction ID: 6f404763666676a915f0e5510fc13830af92cf125cfbb264523b8d12de9d601d
                                                                        • Opcode Fuzzy Hash: 343d2befae760b31a5c9b2880122e8338989998b4c91c328ca9965441524b93e
                                                                        • Instruction Fuzzy Hash: 6B418370E0020A9FDB11DFA5C840BEFB7B9EFA5618F10852AD510F73A4DB749905C7A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24), ref: 009153CD
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Local,00000005), ref: 009153E7
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Cloud,00000005), ref: 009153FE
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EF10,00000002), ref: 00915415
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Data@String@@$Base@@$?fromArrayAscii_helper@DataTyped$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Cloud$Local
                                                                        • API String ID: 568696076-3882714202
                                                                        • Opcode ID: 3400de695f59ea7f4e97ca634bcc73d29874341229e198b602ee938509bf778f
                                                                        • Instruction ID: 039703de04aae42d6f8c6189f6a7323c63c84ce76ace8f7d525ad54bee25a6c0
                                                                        • Opcode Fuzzy Hash: 3400de695f59ea7f4e97ca634bcc73d29874341229e198b602ee938509bf778f
                                                                        • Instruction Fuzzy Hash: ED21B0B0D44358ABEB14DFA5DC06BEEBBB8FB44714F00415AE811772C0EBB51A088B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24), ref: 00913D3D
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Local,00000005), ref: 00913D57
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Cloud,00000005), ref: 00913D6E
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EF10,00000002), ref: 00913D85
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Data@String@@$Base@@$?fromArrayAscii_helper@DataTyped$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Cloud$Local
                                                                        • API String ID: 568696076-3882714202
                                                                        • Opcode ID: 95903bdd6993fb30d8a50425e808128255bd7356b6ce4e1ccf28f6888472ff4d
                                                                        • Instruction ID: db8962a863172f854d1a262b2a2c8e33812a5cde61350081a0c4f393143e0aa5
                                                                        • Opcode Fuzzy Hash: 95903bdd6993fb30d8a50425e808128255bd7356b6ce4e1ccf28f6888472ff4d
                                                                        • Instruction Fuzzy Hash: 2821AFB0D44358AAEB14DFA5DC06BEEBBB8FB44714F00415AE811772C0EBB51A088B91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24), ref: 00911F8D
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Local,00000005), ref: 00911FA7
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Cloud,00000005), ref: 00911FBE
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EF10,00000002), ref: 00911FD5
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Data@String@@$Base@@$?fromArrayAscii_helper@DataTyped$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Cloud$Local
                                                                        • API String ID: 568696076-3882714202
                                                                        • Opcode ID: 7e852e42d259f8a0014d5a8adb3edc61d51e26d7369d252d73974c463aa4a2d7
                                                                        • Instruction ID: b656fcc9f84490928593b6ebc37802e935e2d72ad1901e5cfb9bc86bf93c5548
                                                                        • Opcode Fuzzy Hash: 7e852e42d259f8a0014d5a8adb3edc61d51e26d7369d252d73974c463aa4a2d7
                                                                        • Instruction Fuzzy Hash: 1121AFB0D54758AAEB14DFA5DC06BAEBBB8FB44714F00415AE811772C0EBB51A08CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??8@YA_NABVQString@@0@Z.QT5CORE(0097637C,?), ref: 0091AB82
                                                                        • ??8@YA_NABVQString@@0@Z.QT5CORE(00976388,?), ref: 0091AB95
                                                                        • ?close@QWidget@@QAE_NXZ.QT5WIDGETS ref: 0091ABA4
                                                                        • ?instance@Language@@SAPAV1@XZ.BLAUNCHER ref: 0091ABB0
                                                                        • ?updateLanguageFromCache@Language@@QAEXXZ.BLAUNCHER ref: 0091ABB8
                                                                        • ?instance@QCoreApplication@@SAPAV1@XZ.QT5CORE ref: 0091ABC3
                                                                        • ?exit@QCoreApplication@@SAXH@Z.QT5CORE(00000000), ref: 0091ABCB
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: ??8@?instance@Application@@CoreLanguage@@String@@0@$?close@?exit@?updateCache@FromLanguageWidget@@
                                                                        • String ID:
                                                                        • API String ID: 313821266-0
                                                                        • Opcode ID: 2f143d049a0d99c36ddad626325633e2a1032dd070059e1658104dfe3df7cbf7
                                                                        • Instruction ID: 6ffd20168fc1e8ddafd0a3b7b9ee3ca40e589adec70b8396cbfe95910357d814
                                                                        • Opcode Fuzzy Hash: 2f143d049a0d99c36ddad626325633e2a1032dd070059e1658104dfe3df7cbf7
                                                                        • Instruction Fuzzy Hash: FAF0C8736583044BCA141FA9BD0CED5775DEB84723F040025F909D2154C6635E50D777
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009176E6
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009176EF
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 009176F8
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00917701
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091770A
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00917713
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091771C
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: String@@
                                                                        • String ID:
                                                                        • API String ID: 1688221058-0
                                                                        • Opcode ID: 41d4c02f3a8363145ce930c33519bc209196037741a5f350eed416f723f0e2ad
                                                                        • Instruction ID: 26b2764cac124bdd6c778167a22a5a60b038b0486c48b3a107c98bb9229d247d
                                                                        • Opcode Fuzzy Hash: 41d4c02f3a8363145ce930c33519bc209196037741a5f350eed416f723f0e2ad
                                                                        • Instruction Fuzzy Hash: EDF02230028716CFD72C9F12E858899B770AA11A17B0045AD9053834B4EB316A8EDB84
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • memmove.VCRUNTIME140(00000001,?,00000001), ref: 009163D4
                                                                          • Part of subcall function 00955C76: ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(string too long,?,00967428), ref: 009171D5
                                                                        • memmove.VCRUNTIME140(00000001,?,00000001), ref: 0091641F
                                                                        • memmove.VCRUNTIME140(?,?,?), ref: 00916434
                                                                        • memmove.VCRUNTIME140(00000000,?,?,?), ref: 009164A0
                                                                        • memmove.VCRUNTIME140(?,?,?), ref: 009164BD
                                                                        • __std_exception_copy.VCRUNTIME140(-00000004,?,?), ref: 009164FE
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: memmove$Xlength_error@std@@__std_exception_copy
                                                                        • String ID:
                                                                        • API String ID: 3405564556-0
                                                                        • Opcode ID: d4c4de7ecc7fe2fc5a220ba43ef2e4f8b6adcefc5406b6a2e945478a187f872b
                                                                        • Instruction ID: 79d49f658aa0203ca0faae53cb160406d7e84b3551f3d45e72f64171cf257c44
                                                                        • Opcode Fuzzy Hash: d4c4de7ecc7fe2fc5a220ba43ef2e4f8b6adcefc5406b6a2e945478a187f872b
                                                                        • Instruction Fuzzy Hash: F651A171A00309DBDB14DF68D980A9AB7B8FF85310F10466EE865DB341D771EA94CBE1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?setAttribute@QWidget@@QAEXW4WidgetAttribute@Qt@@_N@Z.QT5WIDGETS(00000002,00000001,?,00000001,00000001,00000005), ref: 0091BF77
                                                                        • ?setAttribute@QWidget@@QAEXW4WidgetAttribute@Qt@@_N@Z.QT5WIDGETS(0000004A,00000001,?,00000001,00000001,00000005), ref: 0091BF80
                                                                        • ??0QRubberBand@@QAE@W4Shape@0@PAVQWidget@@@Z.QT5WIDGETS(00000001,00000000,?,?,00000001,00000001,00000005), ref: 0091BFC6
                                                                        • ?rehash@QHashData@@QAEXH@Z.QT5CORE(?,00000005,00000000,?,00000001,00000001,00000005), ref: 0091C023
                                                                        • ?allocateNode@QHashData@@QAEPAXH@Z.QT5CORE(00000004,00000005,00000000,?,00000001,00000001,00000005), ref: 0091C043
                                                                        • ?installEventFilter@QObject@@QAEXPAV1@@Z.QT5CORE(?,00000005,00000000,?,00000001,00000001,00000005), ref: 0091C070
                                                                          • Part of subcall function 00955C76: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C8B
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Attribute@$?setData@@HashQt@@_WidgetWidget@@$?allocate?install?rehash@Band@@EventFilter@Node@Object@@RubberShape@0@V1@@Widget@@@malloc
                                                                        • String ID:
                                                                        • API String ID: 856989520-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP140(?,?,EB0B5FE6), ref: 0091623D
                                                                        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP140(?,?,00000000,?,EB0B5FE6), ref: 00916266
                                                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP140(?), ref: 00916292
                                                                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000004,00000000), ref: 009162F6
                                                                        • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00916303
                                                                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140 ref: 0091630F
                                                                        Similarity
                                                                        • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@
                                                                        • String ID:
                                                                        • API String ID: 3901553425-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • memmove.VCRUNTIME140(?,?,0091FE4D,?,?,?,?,0091FE4D,;base64,,00000008,?,?,?), ref: 00922418
                                                                        • memmove.VCRUNTIME140(00000000,?,0091FE4D,00000001,?,?,?,?,0091FE4D,;base64,), ref: 009224AC
                                                                        • memmove.VCRUNTIME140(0091FE4D,?,0091FE4D,00000000,?,0091FE4D,00000001,?,?,?,?,0091FE4D,;base64,), ref: 009224B8
                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000001,?,?,?,?,0091FE4D,;base64,), ref: 009224FE
                                                                        • memmove.VCRUNTIME140(00000000,00000000,?,00000001,?,?,?,?,0091FE4D,;base64,), ref: 00922507
                                                                        • memmove.VCRUNTIME140(0091FE4D,?,0091FE4D,00000000,00000000,?,00000001,?,?,?,?,0091FE4D,;base64,), ref: 00922513
                                                                          • Part of subcall function 00955C76: ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(string too long,?,00967428), ref: 009171D5
                                                                        Similarity
                                                                        • API ID: memmove$Xlength_error@std@@_invalid_parameter_noinfo_noreturn
                                                                        • String ID:
                                                                        • API String ID: 520896063-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP140(?,?,EB0B5FE6), ref: 0091F467
                                                                        • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z.MSVCP140(?,?,00000000,?,EB0B5FE6), ref: 0091F490
                                                                        • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z.MSVCP140(?), ref: 0091F4B7
                                                                        • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(00000004,00000000,?,?,?,?,?,?,?,0095899D,000000FF), ref: 0091F517
                                                                        • ?uncaught_exception@std@@YA_NXZ.MSVCP140(?,?,?,?,?,?,?,0095899D,000000FF), ref: 0091F524
                                                                        • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140(?,?,?,?,?,?,?,0095899D,000000FF), ref: 0091F530
                                                                        Similarity
                                                                        • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@
                                                                        • String ID:
                                                                        • API String ID: 3901553425-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                        • ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                        • ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                        • ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                        • ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                        • ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Similarity
                                                                        • API ID: Base@@$Data$?freeData@String@@$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID:
                                                                        • API String ID: 2836214128-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??0QStyleOption@@QAE@HH@Z.QT5WIDGETS(00000001,00000000,EB0B5FE6), ref: 009194CF
                                                                        • ?init@QStyleOption@@QAEXPBVQWidget@@@Z.QT5WIDGETS ref: 009194E0
                                                                        • ??0QPainter@@QAE@PAVQPaintDevice@@@Z.QT5GUI ref: 009194F5
                                                                        • ?style@QWidget@@QBEPAVQStyle@@XZ.QT5WIDGETS ref: 00919501
                                                                        • ??1QPainter@@QAE@XZ.QT5GUI ref: 0091951C
                                                                        • ??1QStyleOption@@QAE@XZ.QT5WIDGETS ref: 00919525
                                                                        Similarity
                                                                        • API ID: Option@@Style$Painter@@$?init@?style@Device@@@PaintStyle@@Widget@@Widget@@@
                                                                        • String ID:
                                                                        • API String ID: 334283820-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?toLatin1@QString@@QGBE?AVQByteArray@@XZ.QT5CORE(?,EB0B5FE6,?,?,?,00957B47,000000FF), ref: 009195BD
                                                                        • ?data@QByteArray@@QAEPADXZ.QT5CORE(?,?,?,00957B47,000000FF), ref: 009195CC
                                                                        • ?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z.QT5CORE(?,00000000,00000000,000000FF,?,?,?,00957B47,000000FF), ref: 009195E0
                                                                        • ?setText@QLabel@@QAEXABVQString@@@Z.QT5WIDGETS(?,?,?,?,00957B47,000000FF), ref: 009195F1
                                                                        • ??1QString@@QAE@XZ.QT5CORE(?,?,?,00957B47,000000FF), ref: 009195FA
                                                                        • ??1QByteArray@@QAE@XZ.QT5CORE(?,?,?,00957B47,000000FF), ref: 00919603
                                                                        Similarity
                                                                        • API ID: Array@@ByteString@@$?data@?set?tr@Label@@Latin1@MetaObject@@String@@@Text@
                                                                        • String ID:
                                                                        • API String ID: 3054899244-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS ref: 00919462
                                                                        • ?width@QWidget@@QBEHXZ.QT5WIDGETS(00000001), ref: 0091946C
                                                                        • ?resize@QWidget@@QAEXHH@Z.QT5WIDGETS(00000001), ref: 00919476
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS ref: 0091947E
                                                                        • ?width@QWidget@@QBEHXZ.QT5WIDGETS(-00000001), ref: 00919488
                                                                        • ?resize@QWidget@@QAEXHH@Z.QT5WIDGETS(-00000001), ref: 00919492
                                                                        Similarity
                                                                        • API ID: Widget@@$?height@?resize@?width@
                                                                        • String ID:
                                                                        • API String ID: 3996272852-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • memmove.VCRUNTIME140(00000000,?,?), ref: 009379BE
                                                                          • Part of subcall function 00955C76: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C8B
                                                                        • memmove.VCRUNTIME140(00000000,?,?), ref: 009379CD
                                                                        • memmove.VCRUNTIME140(?,?,?,00000000,?,?), ref: 009379E3
                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00937A3A
                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00937A40
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
                                                                        • String ID:
                                                                        • API String ID: 2075926362-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetCommandLineW.KERNEL32(00000001), ref: 00956AC1
                                                                        • CommandLineToArgvW.SHELL32(00000000), ref: 00956AC8
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00910000), ref: 00956B33
                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 00956B53
                                                                        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,00910000,00000000,00000000,00000000,0096D370,00000014), ref: 00956B85
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharCommandLineMultiWide$ArgvFreeLocal
                                                                        • String ID:
                                                                        • API String ID: 4060259846-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?devicePixelRatioF@QPaintDevice@@QBENXZ.QT5GUI(?,?,?,00000000,EB0B5FE6), ref: 009197B4
                                                                        • ?width@QWidget@@QBEHXZ.QT5WIDGETS(?,?,?,00000000,EB0B5FE6), ref: 009197BF
                                                                        • ?devicePixelRatioF@QPaintDevice@@QBENXZ.QT5GUI(?,?,?,00000000,EB0B5FE6), ref: 009197DA
                                                                        • ?height@QWidget@@QBEHXZ.QT5WIDGETS(?,?,?,00000000,EB0B5FE6), ref: 009197E5
                                                                        • SetWindowPos.USER32(00000000,00000000,00000003,00000000,00000000,00000000,00002404,?,?,?,00000000,EB0B5FE6), ref: 00919823
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: ?deviceDevice@@PaintPixelRatioWidget@@$?height@?width@Window
                                                                        • String ID:
                                                                        • API String ID: 2971223664-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?hide@QWidget@@QAEXXZ.QT5WIDGETS ref: 0092320E
                                                                        • ?deleteLater@QObject@@QAEXXZ.QT5CORE ref: 00923217
                                                                        • ?isActiveWindow@QWidget@@QBE_NXZ.QT5WIDGETS ref: 00923236
                                                                        • ?defaultTypeFor@QTimer@@CA?AW4TimerType@Qt@@H@Z.QT5CORE(000001F4), ref: 00923246
                                                                        • ?singleShotImpl@QTimer@@CAXHW4TimerType@Qt@@PBVQObject@@PAVQSlotObjectBase@QtPrivate@@@Z.QT5CORE(000001F4,00000000,?,00000000,0000000C), ref: 00923270
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Object@@Qt@@TimerTimer@@Type@Widget@@$?default?delete?hide@?singleActiveBase@For@Impl@Later@ObjectPrivate@@@ShotSlotTypeWindow@
                                                                        • String ID:
                                                                        • API String ID: 1756350731-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?begin@QListData@@QBEPAPAXXZ.QT5CORE(EB0B5FE6,?,?,009606C0,?), ref: 0091C1F0
                                                                        • ?detach@QListData@@QAEPAUData@1@H@Z.QT5CORE(?), ref: 0091C1FD
                                                                        • ?end@QListData@@QBEPAPAXXZ.QT5CORE(00000000), ref: 0091C212
                                                                        • ?begin@QListData@@QBEPAPAXXZ.QT5CORE(00000000), ref: 0091C21B
                                                                          • Part of subcall function 0091C8D0: memmove.VCRUNTIME140(?,?,?,?,0091C303,00000000), ref: 0091C8EF
                                                                        • ?dispose@QListData@@SAXPAUData@1@@Z.QT5CORE(00000000,00000000), ref: 0091C24B
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Data@@List$?begin@$?detach@?dispose@?end@Data@1@Data@1@@memmove
                                                                        • String ID:
                                                                        • API String ID: 3563592617-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??0QDialog@@QAE@PAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(00000000,00000000,EB0B5FE6,?,?,?,00957C0E,000000FF), ref: 0091986D
                                                                        • ??0QByteArray@@QAE@XZ.QT5CORE(?,?,?,00957C0E,000000FF), ref: 0091988A
                                                                        • ??0QByteArray@@QAE@XZ.QT5CORE(?,?,?,00957C0E,000000FF), ref: 00919893
                                                                        • ??0QByteArray@@QAE@XZ.QT5CORE(?,?,?,00957C0E,000000FF), ref: 0091989C
                                                                        • ??0QByteArray@@QAE@XZ.QT5CORE(?,?,?,00957C0E,000000FF), ref: 009198A5
                                                                          • Part of subcall function 00919AB0: ?instance@FileWatcher@@SAPAV1@XZ.BLAUNCHER(?,EB0B5FE6), ref: 00919AF9
                                                                          • Part of subcall function 00919AB0: ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(?,00000000,?,?,0091AB60,00000000,00000000,00000000,00000010,?,EB0B5FE6), ref: 00919B3D
                                                                          • Part of subcall function 00919AB0: ??1Connection@QMetaObject@@QAE@XZ.QT5CORE ref: 00919B49
                                                                          • Part of subcall function 00919AB0: ?setWindowFlags@QWidget@@QAEXV?$QFlags@W4WindowType@Qt@@@@@Z.QT5WIDGETS(009606C0), ref: 00919B5D
                                                                          • Part of subcall function 00919AB0: ?setFocusPolicy@QWidget@@QAEXW4FocusPolicy@Qt@@@Z.QT5WIDGETS(0000000B), ref: 00919B67
                                                                          • Part of subcall function 00919AB0: ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(QDialog{background-color: #1B1E2C;},00000023), ref: 00919B7A
                                                                          • Part of subcall function 00919AB0: ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00919B95
                                                                          • Part of subcall function 00919AB0: ??1QString@@QAE@XZ.QT5CORE ref: 00919BA1
                                                                          • Part of subcall function 00919AB0: ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(background-color: transparent;,0000001E), ref: 00919BAE
                                                                          • Part of subcall function 00919AB0: ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00919BC4
                                                                          • Part of subcall function 00919AB0: ??1QString@@QAE@XZ.QT5CORE ref: 00919BD0
                                                                          • Part of subcall function 00919AB0: ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(background-color: #252A3E;,0000001A), ref: 00919BDD
                                                                          • Part of subcall function 00919AB0: ?setStyleSheet@QWidget@@QAEXABVQString@@@Z.QT5WIDGETS(?), ref: 00919BF3
                                                                          • Part of subcall function 00919AB0: ??1QString@@QAE@XZ.QT5CORE ref: 00919BFF
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: String@@Widget@@$?set$Array@@Byte$?fromArrayAscii_helper@Data@Flags@Object@@Sheet@String@@@StyleType@TypedWindow$Connection@FocusMetaPolicy@Qt@@@@@$?connect?instance@Base@ConnectionDialog@@FileImpl@ObjectPrivate@@Qt@@Qt@@@SlotU3@@Watcher@@
                                                                        • String ID:
                                                                        • API String ID: 2086671030-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?sender@QObject@@IBEPAV1@XZ.QT5CORE(EB0B5FE6), ref: 00915FE8
                                                                        • ??0QTextStream@@QAE@PAVQIODevice@@@Z.QT5CORE(00000000), ref: 00915FF6
                                                                        • ?readAll@QTextStream@@QAE?AVQString@@XZ.QT5CORE(?), ref: 0091600A
                                                                          • Part of subcall function 00923760: ?activate@QMetaObject@@SAXPAVQObject@@PBU1@HPAPAX@Z.QT5CORE(?,009751AC,00000000,?), ref: 0092377F
                                                                        • ??1QString@@QAE@XZ.QT5CORE(?), ref: 00916022
                                                                        • ??1QTextStream@@UAE@XZ.QT5CORE ref: 0091602B
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Object@@Stream@@Text$String@@$?activate@?read?sender@All@Device@@@Meta
                                                                        • String ID:
                                                                        • API String ID: 1429694159-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00919A39
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00919A42
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00919A4B
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 00919A54
                                                                        • ??1QDialog@@UAE@XZ.QT5WIDGETS ref: 00919A5C
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: String@@$Dialog@@
                                                                        • String ID:
                                                                        • API String ID: 3971980036-0
                                                                        • Opcode ID: b67d4937ba740df708991af3985319bb3dbec36642d4149ba5749f7d97ccd412
                                                                        • Instruction ID: e90f7b880d9c17fc78abe19ae1638f76897d363631aba4eda865295e43423239
                                                                        • Opcode Fuzzy Hash: b67d4937ba740df708991af3985319bb3dbec36642d4149ba5749f7d97ccd412
                                                                        • Instruction Fuzzy Hash: 11E065312147194BD71CAB26EC19A997B64AF11B17F00006DE543425B0EE736B89DBD8
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091D606
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091D60F
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091D618
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091D621
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091D62A
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: String@@
                                                                        • String ID:
                                                                        • API String ID: 1688221058-0
                                                                        • Opcode ID: 6b8bbff2e3848b8a159a2086c3068857c986be7310a9ecfaecd2126d94bbe37d
                                                                        • Instruction ID: efe7caf3544cfe720f4e1efa5b34e11d2df6c11e41b11342eb286f3a633370c2
                                                                        • Opcode Fuzzy Hash: 6b8bbff2e3848b8a159a2086c3068857c986be7310a9ecfaecd2126d94bbe37d
                                                                        • Instruction Fuzzy Hash: E9E09230028716CBD72C9F12E858899B770AA11A17B0045AD9053834B4EB316A89DB84
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • memmove.VCRUNTIME140(00000005,?,?,?,?,?,?,EB0B5FE6), ref: 0091FE2A
                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(;base64,,00000008,?,?,?,?,?,?,EB0B5FE6), ref: 0091FF1F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: _invalid_parameter_noinfo_noreturnmemmove
                                                                        • String ID: ;base64,$data:
                                                                        • API String ID: 4032823789-1991589902
                                                                        • Opcode ID: 8232b92382e31f115e9f32d9863d00eb88634fa3d6a9f36283d222ba7f086ac3
                                                                        • Instruction ID: dfc3a4a7291e5e92c93ea20d52fb506aaeb8101444e313ee424961ac12b5ccab
                                                                        • Opcode Fuzzy Hash: 8232b92382e31f115e9f32d9863d00eb88634fa3d6a9f36283d222ba7f086ac3
                                                                        • Instruction Fuzzy Hash: 9791FE71E0024D9FEB14DFA8C854BDDBBB5EF89314F244269E814AB392DB719984CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetFullPathNameW.KERNEL32(?,00000000,00000000,?,00000000,Function_00012580,?,01471130), ref: 014711BB
                                                                        • GetFullPathNameW.KERNEL32(?,00000000,?,?,?,00000000,00000000,?,00000000,Function_00012580,?,01471130), ref: 014711E5
                                                                        • GetLastError.KERNEL32(?,00000000,?,?,?,00000000,00000000,?,00000000,Function_00012580,?,01471130), ref: 014711F0
                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000,00000000,Function_00012580,?,01471130), ref: 0147127E
                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000,00000000,00000000,00000000,Function_00012580,?,01471130), ref: 014712A0
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentDirectoryFullNamePath$ErrorLast
                                                                        • String ID: :
                                                                        • API String ID: 3199781413-336475711
                                                                        • Opcode ID: 0d3abe316873ba2a21644d2d31e6970b04f81624f6dae10c8c598e54308a6d00
                                                                        • Instruction ID: 77b95915e14da8c00645adb9e5c901242dae62a7d48e626566667aa8eaf949d5
                                                                        • Opcode Fuzzy Hash: 0d3abe316873ba2a21644d2d31e6970b04f81624f6dae10c8c598e54308a6d00
                                                                        • Instruction Fuzzy Hash: 9B219370A0021A9EDB00DFE5C850BEFB7B8EF69618F10456BD410F72A4D7B45A05C7A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24), ref: 00914E6D
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC50,00000002), ref: 00914E87
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(APK,00000003), ref: 00914E9E
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Base@@Data@String@@$Data$?fromArrayAscii_helper@Typed$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: APK
                                                                        • API String ID: 3312678683-3584883625
                                                                        • Opcode ID: 2f569ddd16b3219741c8601e51e8a0980f2e8e99275944b37121667ee90d4c25
                                                                        • Instruction ID: 5e457e459b596753b52f1af38ea869226007e974a32326e80189ca0324dd3ddc
                                                                        • Opcode Fuzzy Hash: 2f569ddd16b3219741c8601e51e8a0980f2e8e99275944b37121667ee90d4c25
                                                                        • Instruction Fuzzy Hash: AF11A271D44348ABDB10DFA5CC06BEDBBB8FB44714F40455AE815B72C1DBB51608CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24), ref: 009137DD
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC50,00000002), ref: 009137F7
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(APK,00000003), ref: 0091380E
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Base@@Data@String@@$Data$?fromArrayAscii_helper@Typed$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: APK
                                                                        • API String ID: 3312678683-3584883625
                                                                        • Opcode ID: 98078eb6d62b2961be550a5ef66c226a09eb8e06d419d9eef4c9d2bd7bee3deb
                                                                        • Instruction ID: af6d397139b0333c0d6cdb784bb0a19bc683263f0df873ed86f268da4cb3138c
                                                                        • Opcode Fuzzy Hash: 98078eb6d62b2961be550a5ef66c226a09eb8e06d419d9eef4c9d2bd7bee3deb
                                                                        • Instruction Fuzzy Hash: 8C11A2B1D44308ABDB00DF95CC46BEDBBB8FB44714F50455AE815B72C1DBB55608CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC24), ref: 00911A2D
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(0095EC50,00000002), ref: 00911A47
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(APK,00000003), ref: 00911A5E
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Base@@Data@String@@$Data$?fromArrayAscii_helper@Typed$?free$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: APK
                                                                        • API String ID: 3312678683-3584883625
                                                                        • Opcode ID: bf4c19f33e9b5d6a54e14937a8a8317e66dd0239cc18ea48c350a9e6dd323d56
                                                                        • Instruction ID: 4ba1fd01edaf2a30c25e24ca682322c0695df0bc784aa674a13feb01070fcff7
                                                                        • Opcode Fuzzy Hash: bf4c19f33e9b5d6a54e14937a8a8317e66dd0239cc18ea48c350a9e6dd323d56
                                                                        • Instruction Fuzzy Hash: 2011AFB1E44308ABDB00DFA5CC46BEEBBB8FB48714F40465AE815B72C1DBB51608CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • __current_exception.VCRUNTIME140 ref: 00955DDD
                                                                        • __current_exception_context.VCRUNTIME140 ref: 00955DED
                                                                        • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00955DF4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: __current_exception__current_exception_contextterminate
                                                                        • String ID: csm
                                                                        • API String ID: 2542180945-1018135373
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE ref: 00912073
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Hybrid,00000006), ref: 00912091
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Base@@$DataData@String@@$?free?fromArrayAscii_helper@Typed$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Cloud$Hybrid
                                                                        • API String ID: 1721454842-3156095391
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE ref: 009154B3
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Hybrid,00000006), ref: 009154D1
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Base@@$DataData@String@@$?free?fromArrayAscii_helper@Typed$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Cloud$Hybrid
                                                                        • API String ID: 1721454842-3156095391
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE ref: 00913E23
                                                                        • ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z.QT5CORE(Hybrid,00000006), ref: 00913E41
                                                                          • Part of subcall function 00915AC0: ?createData@QMapDataBase@@SAPAU1@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915AF9
                                                                          • Part of subcall function 00915AC0: ??1QString@@QAE@XZ.QT5CORE(?,6766F990,?,?,009119A1,?,?), ref: 00915B47
                                                                          • Part of subcall function 00915AC0: ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z.QT5CORE(?,00000004,?,6766F990,?,?,009119A1,?,?), ref: 00915B6C
                                                                          • Part of subcall function 00915AC0: ?freeData@QMapDataBase@@SAXPAU1@@Z.QT5CORE(00000000,?,6766F990,?,?,009119A1,?,?), ref: 00915B73
                                                                          • Part of subcall function 00915AC0: ?recalcMostLeftNode@QMapDataBase@@QAEXXZ.QT5CORE(?,?,009119A1,?,?), ref: 00915B83
                                                                          • Part of subcall function 00915AC0: ??4QString@@QAEAAV0@ABV0@@Z.QT5CORE(009119A5,?,6766F990,?,?,009119A1), ref: 00915BCE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Base@@$DataData@String@@$?free?fromArrayAscii_helper@Typed$?create?recalcLeftMostNodeNode@Tree@U1@@V0@@
                                                                        • String ID: Cloud$Hybrid
                                                                        • API String ID: 1721454842-3156095391
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • __current_exception.VCRUNTIME140 ref: 00956844
                                                                        • __current_exception_context.VCRUNTIME140 ref: 0095684E
                                                                        • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00956855
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: __current_exception__current_exception_contextterminate
                                                                        • String ID: csm
                                                                        • API String ID: 2542180945-1018135373
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?cast@QMetaObject@@QBEPAVQObject@@PAV2@@Z.QT5CORE(?), ref: 0091D769
                                                                        • ?deleteLater@QObject@@QAEXXZ.QT5CORE ref: 0091D780
                                                                        • ?deleteLater@QObject@@QAEXXZ.QT5CORE ref: 0091D87B
                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0091D889
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Object@@$?deleteLater@$?cast@MetaV2@@_invalid_parameter_noinfo_noreturn
                                                                        • String ID:
                                                                        • API String ID: 1016179890-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?begin@QListData@@QBEPAPAXXZ.QT5CORE(00000005,EB0B5FE6,67781AD0,?,?,00000005), ref: 0091CC03
                                                                        • ?end@QListData@@QBEPAPAXXZ.QT5CORE(?,00000005), ref: 0091CC2A
                                                                        • ??0QRubberBand@@QAE@W4Shape@0@PAVQWidget@@@Z.QT5WIDGETS(00000001,00000000,?,00000005), ref: 0091CC7D
                                                                          • Part of subcall function 0091C1C0: ?begin@QListData@@QBEPAPAXXZ.QT5CORE(EB0B5FE6,?,?,009606C0,?), ref: 0091C1F0
                                                                          • Part of subcall function 0091C1C0: ?detach@QListData@@QAEPAUData@1@H@Z.QT5CORE(?), ref: 0091C1FD
                                                                          • Part of subcall function 0091C1C0: ?end@QListData@@QBEPAPAXXZ.QT5CORE(00000000), ref: 0091C212
                                                                          • Part of subcall function 0091C1C0: ?begin@QListData@@QBEPAPAXXZ.QT5CORE(00000000), ref: 0091C21B
                                                                          • Part of subcall function 0091C1C0: ?dispose@QListData@@SAXPAUData@1@@Z.QT5CORE(00000000,00000000), ref: 0091C24B
                                                                        • ?dispose@QListData@@SAXPAUData@1@@Z.QT5CORE(00000005,?,00000005), ref: 0091CCC9
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Data@@List$?begin@$?dispose@?end@Data@1@@$?detach@Band@@Data@1@RubberShape@0@Widget@@@
                                                                        • String ID:
                                                                        • API String ID: 513894086-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?left@QRect@@QBEHXZ.QT5CORE(00000000,?,?,?,?,?), ref: 0091C947
                                                                        • ?top@QRect@@QBEHXZ.QT5CORE(?,?,?,?,?), ref: 0091C952
                                                                        • ?width@QRect@@QBEHXZ.QT5CORE(?,?,?,?,?), ref: 0091C95D
                                                                        • ?height@QRect@@QBEHXZ.QT5CORE(?,?,?,?,?), ref: 0091C968
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Rect@@$?height@?left@?top@?width@
                                                                        • String ID:
                                                                        • API String ID: 3303093870-0
                                                                        • Opcode ID: c6792fce45a4d398268a2e86be69c0d78cdd3f775c166ff02cf4a71486880542
                                                                        • Instruction ID: 877e1b4ee5bd33f735999e794446050350622ea9464581688e71474a9e180ff1
                                                                        • Opcode Fuzzy Hash: c6792fce45a4d398268a2e86be69c0d78cdd3f775c166ff02cf4a71486880542
                                                                        • Instruction Fuzzy Hash: EC31A1B271461A9FCB08CF6CD89569CBBE4FF84301F248029D80ADB351E7B1AD90DB85
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,EB0B5FE6,00000000), ref: 0092DC0F
                                                                        • SetLastError.KERNEL32(?,?,?,EB0B5FE6,00000000), ref: 0092DC25
                                                                        • ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,?,EB0B5FE6,00000000), ref: 0092DC51
                                                                        • ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140(?,?,EB0B5FE6,00000000), ref: 0092DC5A
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: D@std@@@std@@U?$char_traits@$??1?$basic_ios@??1?$basic_ostream@ErrorLast_invalid_parameter_noinfo_noreturn
                                                                        • String ID:
                                                                        • API String ID: 3273387899-0
                                                                        • Opcode ID: e1c956bf8fc2477dae16f762b76a63cf9140cd9c949b613195c7bb567bf26259
                                                                        • Instruction ID: ba98a37171a8e327ab2bfec333be858f119d3fc0ce6d2e60935e3916c74377c5
                                                                        • Opcode Fuzzy Hash: e1c956bf8fc2477dae16f762b76a63cf9140cd9c949b613195c7bb567bf26259
                                                                        • Instruction Fuzzy Hash: 0D21EF31A14B08DFDB24DF64DC84A9EBBB5FF48310F40852DE866936A1DB31EA84CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??0QObject@@QAE@PAV0@@Z.QT5CORE(?,EB0B5FE6), ref: 00915C3F
                                                                          • Part of subcall function 00955C76: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C8B
                                                                        • ??0QLocalServer@@QAE@PAVQObject@@@Z.QT5NETWORK(00000000), ref: 00915C69
                                                                          • Part of subcall function 00955C76: _callnewh.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,009158C7,00000008,?,?,?,?,00956C6D,000000FF), ref: 00955C7E
                                                                          • Part of subcall function 00955C76: _CxxThrowException.VCRUNTIME140(?,0096D38C), ref: 009562DD
                                                                        • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z.QT5CORE(?,00000000,?,?,00915F40,00000000,00000000,00000000,0000000C), ref: 00915CC1
                                                                        • ??1Connection@QMetaObject@@QAE@XZ.QT5CORE ref: 00915CCD
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Object@@$Connection@Meta$?connectBase@ConnectionExceptionImpl@LocalObjectObject@@@Private@@Qt@@Server@@SlotThrowType@U3@@V0@@_callnewhmalloc
                                                                        • String ID:
                                                                        • API String ID: 788824000-0
                                                                        • Opcode ID: 97a52092c2fdb4a9966efd1ec660783cd210954294b557b8510600ed60b85ce0
                                                                        • Instruction ID: 8f38179b973c5e3bec8bc085764def4656545da21f79bdb438fb6356c98cb858
                                                                        • Opcode Fuzzy Hash: 97a52092c2fdb4a9966efd1ec660783cd210954294b557b8510600ed60b85ce0
                                                                        • Instruction Fuzzy Hash: 2D218CB1904308EFDB10CF56DC09B9ABFF8FB44711F10816AF9059B2A1D7B2AA44CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?toStdString@QString@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ.QT5CORE(?,EB0B5FE6), ref: 00915A12
                                                                        • ?write@QIODevice@@QAE_JPBD@Z.QT5CORE(00000000), ref: 00915A2B
                                                                        • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00915A5E
                                                                        • ?flush@QLocalSocket@@QAE_NXZ.QT5NETWORK(?,?,?,?,?,?,?,?,00956C9D,000000FF), ref: 00915A83
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: ?flush@?write@D@2@@std@@D@std@@Device@@LocalSocket@@String@String@@U?$char_traits@V?$allocator@V?$basic_string@_invalid_parameter_noinfo_noreturn
                                                                        • String ID:
                                                                        • API String ID: 3259020241-0
                                                                        • Opcode ID: fc854a4b35eb2d58a2f42d905765b0e87ba38f066ad01f67be708ac39c92550c
                                                                        • Instruction ID: 9d699d5c5dae206f69016de270d8549a29db7433f8e18248de4601037449703c
                                                                        • Opcode Fuzzy Hash: fc854a4b35eb2d58a2f42d905765b0e87ba38f066ad01f67be708ac39c92550c
                                                                        • Instruction Fuzzy Hash: C021F571A04709CFDB18DF64D888B9EBBB5FF48321F514659E412973E0CB34AA80CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 01470296
                                                                        • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 0147029F
                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,00000000), ref: 014702B8
                                                                        • GetConsoleOutputCP.KERNEL32(?,?,?,?,?,?,00000000), ref: 014702C3
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Console$ErrorFileLastModeOutputWrite
                                                                        • String ID:
                                                                        • API String ID: 1666348767-0
                                                                        • Opcode ID: 5c19fa681b1860a342aecafa9991d62d1c1af7ac09a1960408239c4e98f5f7b7
                                                                        • Instruction ID: 54f42ffd1386c955ae1f004bbe6aaa9750f76dcc4a2022452f9502ca7f5c3736
                                                                        • Opcode Fuzzy Hash: 5c19fa681b1860a342aecafa9991d62d1c1af7ac09a1960408239c4e98f5f7b7
                                                                        • Instruction Fuzzy Hash: 6301A773982116A6AB209BBD8A44DFFBA9CDB176D4F140557BE00D3634D9F4FE0042A6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?begin@QListData@@QBEPAPAXXZ.QT5CORE ref: 0091C38A
                                                                        • ?begin@QListData@@QBEPAPAXXZ.QT5CORE(00000000), ref: 0091C399
                                                                        • ?dispose@QListData@@QAEXXZ.QT5CORE(00000000), ref: 0091C3A9
                                                                        • _CxxThrowException.VCRUNTIME140(00000000,00000000), ref: 0091C3B8
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: Data@@List$?begin@$?dispose@ExceptionThrow
                                                                        • String ID:
                                                                        • API String ID: 1051636472-0
                                                                        • Opcode ID: d630c422a576b2ba9d95ca0209fdae6f026c0034a3f245726eabccfaacc3e53d
                                                                        • Instruction ID: 2d18e056239c05f363e7f1dad70bcb1b7610be7ee2628b7021c218e43a166982
                                                                        • Opcode Fuzzy Hash: d630c422a576b2ba9d95ca0209fdae6f026c0034a3f245726eabccfaacc3e53d
                                                                        • Instruction Fuzzy Hash: 85F0F4B86002099FCB04DF65D469B59BBF9FB48715F14C159E9198B381CB36EE82CB81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ??0QString@@QAE@ABV0@@Z.QT5CORE(?), ref: 0091D6E5
                                                                        • ?fromUtf8@QString@@SA?AV1@PBDH@Z.QT5CORE(000000FF,00000000,000000FF), ref: 0091D702
                                                                        • ?append@QString@@QAEAAV1@ABV1@@Z.QT5CORE(00000000), ref: 0091D715
                                                                        • ??1QString@@QAE@XZ.QT5CORE ref: 0091D71E
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: String@@$?append@?fromUtf8@V0@@V1@@
                                                                        • String ID:
                                                                        • API String ID: 3652567686-0
                                                                        • Opcode ID: 14f88ae567dcbcf843701a9a105b662f565f23712567b31564f47be368128ef8
                                                                        • Instruction ID: d56ad0c58bd4d8a62065f1c0984d334da5eca8eab7af9ea35a93911b048ddf41
                                                                        • Opcode Fuzzy Hash: 14f88ae567dcbcf843701a9a105b662f565f23712567b31564f47be368128ef8
                                                                        • Instruction Fuzzy Hash: AA017C71918219EFDB08CF48DC04B9EBBB8FB08725F10425AE825A3390DBB65A048B90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ?windowState@QWidget@@QBE?AV?$QFlags@W4WindowState@Qt@@@@XZ.QT5WIDGETS(?), ref: 0091AB1C
                                                                        • ?setWindowState@QWidget@@QAEXV?$QFlags@W4WindowState@Qt@@@@@Z.QT5WIDGETS(?), ref: 0091AB2A
                                                                        • ?windowState@QWidget@@QBE?AV?$QFlags@W4WindowState@Qt@@@@XZ.QT5WIDGETS(?), ref: 0091AB39
                                                                        • ?setWindowState@QWidget@@QAEXV?$QFlags@W4WindowState@Qt@@@@@Z.QT5WIDGETS(?), ref: 0091AB47
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: State@$Window$Flags@Widget@@$?set?windowQt@@@@Qt@@@@@
                                                                        • String ID:
                                                                        • API String ID: 2795608452-0
                                                                        • Opcode ID: c1ab5838c1fb33b00b7809845d5237875cf5ac861cc7a3b2b72152da74febba5
                                                                        • Instruction ID: dd12383fc848b20970ab92611bf36cc5483904520d087a331623daf574751afa
                                                                        • Opcode Fuzzy Hash: c1ab5838c1fb33b00b7809845d5237875cf5ac861cc7a3b2b72152da74febba5
                                                                        • Instruction Fuzzy Hash: 4EF01C72A282189FCB05DFBCE9488D977ADEB19366B404522F505C7260EA35EA40DB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetThreadLocale.KERNEL32(?,0148EED0,?,014CBB8C,?,?,0148B10B,00000000,?,00000000,Function_00012580,?,0148A570,?,014CBB8C), ref: 0148EF83
                                                                        • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000065,?,0148EED0,?,014CBB8C,?,?,0148B10B,00000000,?,00000000), ref: 0148EFA4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2082695780.0000000001461000.00000020.00000001.01000000.00000012.sdmp, Offset: 01460000, based on PE: true
                                                                        • Associated: 00000006.00000002.2082672269.0000000001460000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082743012.00000000014BB000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082772117.00000000014C2000.00000002.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082797625.00000000014DD000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082818140.00000000014E6000.00000004.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082838161.00000000014E8000.00000008.00000001.01000000.00000012.sdmp
                                                                        • Associated: 00000006.00000002.2082856311.00000000014E9000.00000002.00000001.01000000.00000012.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_1460000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID: DateFormatLocaleThread
                                                                        • String ID: yyyy
                                                                        • API String ID: 3303714858-3145165042
                                                                        • Opcode ID: e53cd4484c539140f21d2e00897aa7bd66930a291afb0a04d9b9055677615b21
                                                                        • Instruction ID: 037a22ec0fef405e95c62c1e6735dbbfede839d7009a4cf6429496efaaea6c9c
                                                                        • Opcode Fuzzy Hash: e53cd4484c539140f21d2e00897aa7bd66930a291afb0a04d9b9055677615b21
                                                                        • Instruction Fuzzy Hash: 2331A374A0010A9FDB20EF59C890BAEB7F9FF59314F1084AAE648E7320DB319D54CB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2081827840.0000000000911000.00000020.00000001.01000000.00000006.sdmp, Offset: 00910000, based on PE: true
                                                                        • Associated: 00000006.00000002.2081785054.0000000000910000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081884138.000000000095E000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081925725.0000000000975000.00000004.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081969118.0000000000976000.00000008.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.0000000000977000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.000000000097A000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009B7000.00000002.00000001.01000000.00000006.sdmp
                                                                        • Associated: 00000006.00000002.2081999238.00000000009BA000.00000002.00000001.01000000.00000006.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_910000_Vo8hgf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: CefWidget$CefWidgetHandler
                                                                        • API String ID: 0-2695473667
                                                                        • Opcode ID: 983353081b1bd9eaad77d0d2d349e6f2640fb9cc1f2073ce4d51f3e3ddc22a04
                                                                        • Instruction ID: 043b359707f39f2a743faec64af7fc3e534a86020d49fe41f62e450b8b85541a
                                                                        • Opcode Fuzzy Hash: 983353081b1bd9eaad77d0d2d349e6f2640fb9cc1f2073ce4d51f3e3ddc22a04
                                                                        • Instruction Fuzzy Hash: 0111A3733181B4164B21CE6978A16B2BB9FCAB22B53488476CEC6DB715D61BCA09C390
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%